SOX Compliance and BS7799 Part 2: 2002
Does anyone know whether it is sufficient to be certified according to the BS7799 Part 2: 2002 for the SOX Compliance?
Has anybody compared the BS7799 Part 2: 2002 with ‘SAS 70 Type I or II’ yet?
Thanks in advance.
-
I would say the answer is certainly yes.
Legislation like SOX is heavy on the requirement to show due diligence. This, after all, is why it was created.
Complying with, or even being certified with, an international standard like ISO 17799 (cert BS7799) clearly demonstrates that due diligence. In fact it does so extremely visibly.
I note as well that there is a link to the standard on the left hand panel of this screen.
-
The focus of ISO 17799 is protection of information assets and its control objectives are related to the confidentiality, availability and integrity of information. Without a sound information security infrastructure any ‘raw material’ used in financial controls will be suspect. Further, how sound (or unsound) information is then applied to control the business is at the heart of SOX and much wider than the scope of an ISO 17799 information security management system.
-
Hi,
BS7799 covers the area of IT General Controls, but you should pay attention to Application Controls.
-
Is there some sort of a matrix that shows BS7799 controls on one side and corresponding SOX sections on the other for comparison purposes?
-
Does anyone know whether it is sufficient to be certified according to the BS7799 Part 2: 2002 for the SOX Compliance?
No.
BS7799 only deals with one part of the scope of SOX - namely General Computer Controls, SOX is concerned with control over financial statements which is wider than, but underpinned by, General Computer Controls (GCC).
The de facto standard for GCC (for SOX) is CobIT as issued by ISACA. They have various papers on their website that map other control frameworks to CobIT.