How is ISO 17799 different from SAS 70?
Posted: November 9th, 2008 | Author: admin | Filed under: Uncategorized

Best reply by Sarah R:
ISO 17799, derived from the de facto British Standard 7799, is an internationally recognized information security management standard that provides high-level, conceptual recommendations on enterprise security. It consists of two parts. Part 1 contains guidelines on how to implement a comprehensive information security infrastructure. Part 2 is an auditing guide based on ISO 17799-compliance requirements.
Meanwhile, SAS No. 70 is a type of IT audit that a company carries out on its suppliers, partners and companies to which it outsources business functions. The overall goal of the SAS 70 is for the company in question to have a level of assurance that the outside provider has implemented the necessary protective controls.