back to article Avoid the dreaded auditor's smirk: Smart policies and procedures for the hybrid cloud

When you get to a certain age, and you've been in the IT industry for enough years, you start to get an idea of what auditors are looking for when they descend on you and ask you pointed questions about your systems. And I don't just mean security auditors: if your company has an annual financial audit the team which comes to …

  1. Anonymous Coward
    Anonymous Coward

    In summary..

    Use the index of ISO 27001 as a guide and you'll be right as rain.

    But that would make for a shorter article :).

    1. Alistair Silver badge

      Re: In summary..


      All those "security training seminar" sales folk will be hunting you down if you keep this up.

      1. Anonymous Coward
        Anonymous Coward

        Re: In summary..

        Nah, I stopped that racket a while back (because it really is a racket), and you're talking to someone who used BS7799 when it was still in draft. The one to watch is ISO 27001, but you can't certify against that because that would actually be *effective*. No, you can only get certified against having a system in place (ISO 27002), which is unaffordable for smaller companies - see where that is going?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like