Hi Kathleen
I have worked for an organisation which acquired ISO 27001 certification.
The certification process was undertaken by a certifying body such as
Lloyds of London.
In the case of this organisation they sought certification on their data
centres as opposed to the entire network which they managed. This means
you can just certify part of the IT infrastructure.
One of the keys to certification was having an approved records policy and
procedures in place.
Just because an organisation is compliant does not mean their data does
not come with viruses.
There are questions which need to be asked. For example, what risks were
accepted as part of the certification? What has been certified? Was it the
indexed items?
I hope this helps.
Regards
Jenny Evans
List archives at http://lists.ufl.edu/archives/recmgmt-l.html