New ISO TR on Guidance on the audit of the governance of IT

In conjunction with the guidance contained in ISO/IEC 38500, ISO/IEC TR38502 ISO/IEC19011:2011: Guidelines for auditing management systems, there is a new technical report proposed on providing guidance on audits to assess whether an organization’s governance of IT is aligned with the principles for governance of IT in ISO/IEC 38500.

BSI is seeking public comments on this new TR URL:http://standardsproposals.bsigroup.com/Home/Proposal/3684

“The primary audience for the technical report is auditors undertaking audit assessment of an organization’s governance of IT. The outcomes of such assessments will inform members of governing bodies who are responsible for the governance of IT and are accountable for the effective, efficient and acceptable use of IT within the organization; and those responsible for defining and implementing the governance framework for IT.”

IT auditor has a responsibility to help the management board to oversees complex IT environment. A governance framework defines the organisation structure, role and responsibility and accountability is important.

This entry was posted in Information security strategy and tagged , , on by .

About antonyma

Engineering trained, Antony has the qualifications of CISA, Oracle DBA and BS7799 ISMS assessor. He also received a LLM in Intellectual Property & Information Technology Law from The University of Hong Kong. Founder of travel tech statup Powerdata2go.com Antony was th Chairman of Professional Information Security Association (PISA) from 2009 to 2010. He also joined ISC2 workshop on developing a new cloud security certification. Current positions include: 1. Chairman of Cloud Security Alliance (Hong Kong & Macau Chapter) 2. Convenor of HK OGCIO Working Group on Cloud Security and Privacy 3. Hong Kong delegate to ISO SC 27 committee, which drafts security standards like ISO27001. email : antony.linkedin@gmail.com Specialties Retail Banking System & Process, IT Security, Copyright Law, Audit & Control, Technology Risk Management, Cloud Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s