SOX and BS7799 part 2



  • Is anyone doing SOX and 7799? If so, in relation to the CoBIT IT controls, what is your experience of the overlaps between these 2 ‘standards’ regarding IT security? Is the work required under general IT controls directly re-usable by 7799?





  • On ISACA’s website you’ll find a PDF file which maps COBIT to BS7799. That should help you find the overlaps.



  • The two things are very much complementary and if you set up the work properly you will be able to directly reuse work on BS7799 under SOX. However, the scope of SOX General Controls is wider than BS7799 and the aforementioned mapping should see you right.



  • Is there any mapping document on Sarbanes-Oxley Act and BS7799 controls? What % of Sarbanes-Oxley will be complied with if an organization is BS7799 certified?



  • Generally, if COBIT is used to audit the IT general controls, then I would say you are pretty much in line with ISO/IEC 17799. However, to achieve BS7799 Part 2 certification, there may be some re-alignment of documents and, of course, let's not forget what the scope is.

