Before considering certification, or indeed the issue of any formal public statement on this issue, it is important to gain confidence in your underlying compliance levels. Establishing your current compliance position is in fact the first step to conformance.
This is much harder than may superficially appear. For larger organizations, the position for each and every information system within scope needs to be firmly established. This CAN be a very intensive and costly operation.
Having achieved this, plans then need to be created to ensure that the necessary improvements are implemented to move the organization as a whole forward towards the ISO17799 objective. Again, this CAN prove to be very costly.
However, having completed this process, and having reached a broad compliance plateau, most of the hard work is actually done.
The next web page will consider a well known method of simplifying the above and achieving compliance with minimum pain.
