RE: [Moims-rac] Evaluation of ISO 27001
Katia P. Thomaz
katia.thomaz at uol.com.br
Wed Mar 14 12:15:35 EST 2007
I've already read ISO 27001 and now I am sure it can't be the basis. I agree
with David: the main objective of ISO 27001 (business) is completely
different from RAC (long-time preservation).
Katia Thomaz
-----Original Message-----
From: moims-rac-bounces at mailman.ccsds.org
[mailto:moims-rac-bounces at mailman.ccsds.org] On behalf of Chris Rusbridge
Sent: Wednesday, 14 March 2007 06:21
To: MOIMS-Repository Audit and Certification BOF
Subject: Re: [Moims-rac] Evaluation of ISO 27001
Well, not surprisingly, I'm not yet convinced. We know that
information security plays an important role in what we are trying to
do. We know that the long term understandability of information is
important to its availability, integrity etc, and therefore a
(hitherto neglected) part of information security. We have not yet
done a detailed analysis of the draft documents (TRAC and nestor)
against 27001, and we can't do this yet since we don't even have the
analysis of these documents to help us choose which one should be the
basis. I will have a go at a detailed analysis ASAP.
David and I agree there is a role for information security (at least
section D of the draft RLG/NARA; I have not yet managed to check the
TRAC document to see if it is the same part) in our work. I think all
we are concerned about here is the extent of that role, and the
nature of the relationship between what we are producing and the
existing standards. Not yet certain, is my verdict!
--
Chris Rusbridge
Director, Digital Curation Centre
Email: c.rusbridge at ed.ac.uk Phone 0131 6513823
University of Edinburgh
Appleton Tower, Crichton St, Edinburgh EH8 9LE
On 6 Mar 2007, at 23:48, Giaretta, DL ((David)) wrote:
> I have put my analysis of ISO 27001 on the Wiki at
> http://wiki.digitalrepositoryauditandcertification.org/bin/view/Main/Iso27001AnalysisDG
>
> My conclusion is that what we are seeking is NOT a minor addition
> to ISO 27001, but rather a fundamental change in its direction, and
> so what we seek to do cannot be done by a small addition to ISO
> 27001 audits.
>
> ..David
>
> _______________________________________________
> Moims-rac mailing list
> Moims-rac at mailman.ccsds.org
> http://mailman.ccsds.org/cgi-bin/mailman/listinfo/moims-rac
>