Let's look at this from the perspective of the chicken or the egg. If you start with ISO 27001 and fully implement...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the framework -- a big job, indeed -- it is highly likely that you'd be in pretty good shape for a SAS70. There are differences in the requirements that go beyond the scope of this Q&A,, but for the most part -- especially relative to security controls -- 27001 should get you pretty close to SAS70.
But I'm not sure the converse is true. Since 27001 is fairly comprehensive (over 200 technology practices and procedures to the point of potential overkill), a SAS70 certification is a start, but would require a significant amount of additional work to get to 27001, especially relative to documentation. You'd basically need to start from the beginning, doing a gap analysis of your own environment relative to 27001. You should be able to use some of the documentation from your SAS70, but how much will depend on the specifics of your environment.
The last point I'll mention is that no certification is going to guarantee you security or peace of mind. In a perfect world, you can spend a year and a ton of money getting to a certain certification, but if you have neither the time nor the resources, you are best off instead figuring out which business systems are most important to your organization and moving decisively to protect them.
For more information:
Dig Deeper on ISO 17799
Related Q&A from Mike Rothman
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.