3rd Q Change of Control structure from ITGC to ISO 27001 2741

  • I am working with a company that is moving from SOX compliance to enterprise risk management. In this change management’s control structure for IT is changing from cobit based ITGC to the ISO 27001 frame work. I am assuming we will need to test against both correct? or can we map from the old COBIT base to the new ISO base and only test roll forward and items that need to be remediated?
    Thanks in advance for the assistance,

Log in to reply