‘Hi Tarun, you look very energetic today?’
“Yes Linda, pretty much. I just had a contract signed off for process consulting for one of the IT services majors.”
‘That’s great news. I presume in the present wave of offshoring and outsourcing, process consciousness has shot up a lot among organizations.’
“Very true. Now business demands it. Quality systems, processes and certifications are no longer differentiators, as they have become a necessity for survival in this hyper-competitive world.”
‘Yeah Tarun. By the way, did you get a chance to look into the new ISO 27001:2005 standard? How different is it from BS7799-2:2002?’
“Not much. The key changes are:
- The 10 domains of BS7799 have been reshuffled into 11 domains, with controls related to security incidents clubbed into a new ‘Information Security Incident Management’ domain
- Reallocation of a few controls into more appropriate domains, to bring in more clarity
- New controls have been added and a few sparsely used controls like duress alarm, node authentication etc. have been removed
- The clause requirements are now more synchronized with ISO 9001:2000, with rearrangement of internal ISMS audits as a separate section
- Metrics are now a necessity even for ISMS”
‘OK. That doesn’t seem to be much of a change.’
“Sure. For companies already holding BS7799 certification it’s just a little extra effort to migrate to ISO 27001:2005.”
‘Hope all these standards will bring back ROI in either a tangible or intangible way... OK Tarun, I need to catch the 6 o’clock train. So let me make a move.’
“Oh, fine. It’s nearly time. Train services in our country work at six sigma levels. So better rush out to be on time.”
‘Mm. Bye Tarun.’
Labels: CMMI, Information Security
Maybe, as Linda was hurrying to catch the train "operating at 6 sigma level" (btw, in which country? I would like to know, hey), she didn't get a chance to get this straight.
ISO released ISO 17799 in 2000 based on BS7799. Well, everybody knows that. The question was: what's the purpose behind creating the ISO 27000 series? And why are the revisions of ISO 17799 to be named under the ISO 27000 series?
--Suji Kumar
ISO 17799 is still retained as a guideline document for Information Security.
ISO 27001:2005 is a replacement for BS7799-2:2002, which was an auditable standard.
This move is to have the entire community adopt an international ISO standard rather than a BS standard for ISMS certification.
And as for Linda, I presume she might be in a place where quality and systems are well practiced throughout the country. I leave it to you to guess that!
Thanks for the comments...