IT Compliance PBI, COBIT, ISO27001

The following is one of the guidance documents for IT audit: a mapping between PBI 9/15/2007, COBIT and ISO27001.
In addition, ITIL and SDLC are also used as primary guidance for IT management standards.

| No | PBI 09/15/2007 | Area | COBIT | ISO27001 |
|----|----------------|------|-------|----------|
| 1 | Management | IT Management | | A.5 Security policy |
| | | IT Strategic Plan | PO1 Define a Strategic IT Plan | |
| | | IT Organization | PO7 Manage IT Human Resources | A.6 Organization of information security |
| | | Personnel Control | | A.8 Human resources security |
| | | Project Management | PO5 Manage the IT Investment | |
| | | Management Information System | | |
| | | IT Risk Awareness Program | PO9 Assess and Manage IT Risks | |
| | | Risk Monitoring & Measurement | | |
| 2 | System Dev & Acquisition | Project Management | PO10 Manage Projects | A.12 IS Acquisition, Development & Maintenance |
| | | Program Change Management | AI6 Manage Changes | |
| | | Application Development Risk Management | AI2 Acquire and Maintain Application Software | |
| | | Acquisition, Procurement & Outsourcing | AI5 Procure IT Resources | |
| 3 | IT Operational Activities | Data Center Operational | AI4 Enable Operation and Use | |
| | | Capacity Planning | DS03 Manage Performance and Capacity | |
| | | Hardware & Software Configuration | DS09 Manage the Configuration | |
| | | Problem & Incident Management | DS08 Manage Service Desk and Incidents | A.13 Information Security Incident Mgmt |
| | | Datawarehouse Management | | |
| | | Library Function | | |
| | | QA Function | PO8 Manage Quality | |
| | | Third Party Relationship | DS01 Define and Manage Service Levels | |
| | | Disposal Management | | |
| | | IT Operation Risk Management | DS13 Manage Operations | |
| 4 | Communication Network | Network Management | | A.10 Communications & Operations Mgmt |
| | | Network Access Control | | A.11 Access control |
| | | Backup & Recovery | | |
| 5 | Information Security | Asset Management | DS05 Ensure Systems Security | A.7 Asset management |
| | | Human Resources Management | | |
| | | Physical & Environment Security | DS12 Manage Physical Environment | A.9 Physical and environmental security |
| | | Logical Security | | |
| 6 | Business Continuity Plan | Active Management Monitoring | DS04 Ensure Continuous Service | A.14 Business Continuity Management |
| | | Business Impact Analysis | | |
| 7 | End User Computing | EUC Policies and Procedures | | |
| | | EUC Risk Management | | |
| 8 | Electronic Banking | Risk Management of E-banking | | |
| | | Reporting of Plan & Realization | | |
| 9 | IT Internal Audit | IT Audit Reference | ME2 Monitor and Evaluate Internal Control | A.15.3 IS Audit considerations |
| | | IT Audit conducted by other parties | | |
| | | Internal Audit on other party services | | |
| | | IT Internal Audit Review | | A.15 Compliance |
| 10 | The use of IT Service provider | IT Outsourcing | DS02 Manage Third-Party Services | |

taken from anjar’s blog.
