ISO Standards Documentation 2464

  • Just wondering if anyone could point me in the direction of ISO Standards. More specifically those that purtain directly to SOX or PCI DSS requirements.

  • one standard that pretty much covers all abt ITGC is ISO27001. The document comes at a price and can be ordered from the iso dot org website.
    This standard covers more than what is required for sox in the area of Information security.

  • Although, to be clear, there is no ISO that purtains directly to SOX.

  • I agree with Denis, there is no ISO that purtains directly to SOX.
    Having said that, I tried an approach in the Netherlands that worked. To make a long story short, I persuaded a consulting firm to develop a proposal: ‘Give us the SOX compliance project and we will give you ISO27001 for free’
    ISO is ‘nice to have’, SOX is ‘a must’. If you do what is necessary (SOX) and at the same time cut and paste your documentation to have your ISO, you add value to shareholders :roll:

Log in to reply