I was going through ISO 27001 and COBIT to understand the Third-Party (or vendors) Risk Management process in detail. And though both the frameworks provide enough guidance on ensuring the proper due diligence on the vendors, I could not find any material on what happens before the vendors are onboard – how does the Information…
Category: ISO
What, why, when – ISO 27001 vs SOX 404
I recently met with a group who wanted to get started in the IT Audit. The members of the group had some experience in the IT Audit, I realized a common theme in their misunderstanding of ISO 27001 and SOX 404 as they used both the terms interchangeably. In this post, I will distinguish the…
12 must-have policies and procedures for ISO 27001 & SOC 2 audit
As we discussed in an earlier post, the primary requirement for a SOC 2 audit is when a company provides services to a third party. As per the AICPA, the SOC 2 consists of the following Trust Services Principles (TSPs): Security (also known as Common Criteria) Availability Processing Integrity Confidentiality Privacy The scope for each…
A layman’s guide to ISO 27001 vs SOC 1 vs SOC 2 vs SOC 2 vs SOC 3 compliance
In case you are following my previous posts (link 1, link 2), you must be aware that I have been reading and posting a lot of thoughts on different ISO frameworks. But reading about these frameworks reminds me of a quote by Socrates – The more I know, the more I realize I know nothing….
A Beginner’s Guide to ISO ISMS Standards
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee….
A Beginner’s Guide to Information Security Frameworks
Checklists turn out…to be among the basic tools of the quality and productivity revolution in aviation, engineering, construction – in virtually every field combining high risk and complexity. Checklists seem lowly and simplistic, but they help fill in for the gaps in our brains and between our brains. – Atul Gawande Just as Checklists solve…