[Moims-rac] Evaluation of ISO 27001

Chris Rusbridge crusbrid at staffmail.ed.ac.uk
Wed Mar 14 04:21:26 EST 2007


Well, not surprisingly, I'm not yet convinced. We know that  
information security plays an important role in what we are trying to  
do. We know that the long-term understandability of information is  
important to its availability, integrity etc., and therefore a  
(hitherto neglected) part of information security. We have not yet  
done a detailed analysis of the draft documents (TRAC and nestor)  
against 27001, and we can't do this yet since we don't even have the  
analysis of these documents to help us choose which one should be the  
basis. I will have a go at a detailed analysis ASAP.

David and I agree there is a role for information security (at least  
section D of the draft RLG/NARA; I have not yet managed to check the  
TRAC document to see if it is the same part) in our work. I think all  
we are concerned about here is the extent of that role, and the  
nature of the relationship between what we are producing and the  
existing standards. Not yet certain, is my verdict!

--
Chris Rusbridge
Director, Digital Curation Centre
Email: c.rusbridge at ed.ac.uk    Phone 0131 6513823
University of Edinburgh
Appleton Tower, Crichton St, Edinburgh EH8 9LE


On 6 Mar 2007, at 23:48, Giaretta, DL ((David)) wrote:

> I have put my analysis of ISO 27001 on the Wiki at
> http://wiki.digitalrepositoryauditandcertification.org/bin/view/Main/Iso27001AnalysisDG
>
> My conclusion is that what we are seeking is NOT a minor addition  
> to ISO 27001, but rather a fundamental change in its direction, and  
> so what we seek to do cannot be done by a small addition to ISO  
> 27001 audits.
>
> ..David



