‘Hi Tarun, you look very energetic today ?’
“Yes Linda , pretty much I just had a contract signed off for Process consulting for one of the IT services major”
‘That’s great news.. I presume in the present wave of offshoring
and outsourcing ,process consciousness has shot up a lot among organizations
Image :Darren Hester , http:://openphoto.net
“Very true. Now business demands it . Quality systems, processes and certifications are no more differentiators as they have become a necessity for survival in this hyper competitive world”
‘Ya Tarun…..By the way did you get a chance to look into the new ISO 27001:2005 standard ?How different it is from BS7799-2:2002 ?
“Not much . The key changes are
- 10 domains of BS7799 has been reshuffled into 11 domains with controls related to security incidents clubbed into a new ‘Information Security Incident Management’ domain
- Reallocation of few controls into more appropriate domains , to bring in more clarity
- New controls have been added and few sparsely used controls like Duress alarm, node authentication etc. have been removed
- The Clauses requirements are now more synchronized to ISO 9001:2000 , with rearrangement of Internal ISMS audits as a separate section
- Metrics is now a necessity even for ISMS
‘ Ok..That doesn’t seem to be much of change ‘
“ Sure..for companies already holding BS7799 certification it’s just a little extra effort to migrate to ISO 27001:2005 “
‘ Hope will all these standards bring back ROI in either tangible or intangible way …...
Ok Tarun , need to catch the 6o’clock train .So let me make a move ..’
“ Oh…fine ..its nearly time …trains service in our country work at six sigma levels .So better rush out to be on time ..”
‘Mm. Bye Tarun …’
Labels: CMMI, Information Security