
Thursday, April 14, 2011

COBIT, ISO27001

IT Compliance PBI, COBIT, ISO27001

The following is one of the guidance documents on IT audit, namely a mapping between PBI 9/15/2007, COBIT and ISO 27001.
Besides this, there are the ITIL and SDLC guidance documents, which are also the main reference standards for IT management.
| No | PBI 9/15/2007 Area | Sub-area | COBIT | ISO 27001 |
|----|--------------------|----------|-------|-----------|
| 1 | Management | IT Management | | A.5 Security policy |
| | | IT Strategic Plan | P01 Define a Strategic IT Plan | |
| | | IT Organization | P07 Manage IT Human Resources | A.6 Organization of information security |
| | | Personnel Control | | A.8 Human resources security |
| | | Project Management | P05 Manage the IT Investment | |
| | | Management Information System | | |
| | | IT Risk Awareness Program | P09 Assess and Manage IT Risks | |
| | | Risk Monitoring & Measurement | | |
| 2 | System Dev & Acquisition | Project Management | P10 Manage Projects | A.12 IS Acquisition, Development & Maintenance |
| | | Program Change Management | A06 Manage Changes | |
| | | Application Development Risk Management | A02 Acquire and Maintain Application Software | |
| | | Acquisition, Procurement & Outsourcing | A05 Procure IT Resources | |
| 3 | IT Operational Activities | Data Center Operational | A04 Enable Operation and Use | |
| | | Capacity Planning | DS03 Manage Performance and Capacity | |
| | | Hardware & Software Configuration | DS09 Manage the Configuration | |
| | | Problem & Incident Management | DS08 Manage Service Desk and Incidents | A.13 Information Security Incident Mgmt |
| | | Data Warehouse Management | | |
| | | Library Function | | |
| | | QA Function | P08 Manage Quality | |
| | | Third Party Relationship | DS01 Define and Manage Service Levels | |
| | | Disposal Management | | |
| | | IT Operation Risk Management | DS13 Manage Operations | |
| 4 | Communication Network | Network Management | | A.10 Communications & Operations Mgmt |
| | | Network Access Control | | A.11 Access control |
| | | Backup & Recovery | | |
| 5 | Information Security | Asset Management | DS05 Ensure Systems Security | A.7 Asset management |
| | | Human Resources Management | | |
| | | Physical & Environment Security | DS12 Manage Physical Environment | A.9 Physical and environmental security |
| | | Logical Security | | |
| 6 | Business Continuity Plan | Active Management Monitoring | DS04 Ensure Continuous Service | A.14 Business Continuity Management |
| | | Business Impact Analysis | | |
| 7 | End User Computing | EUC Policies and Procedures | | |
| | | EUC Risk Management | | |
| 8 | Electronic Banking | Risk Management of E-banking | | |
| | | Reporting of Plan & Realization | | |
| 9 | IT Internal Audit | IT Audit Reference | M02 Monitor and Evaluate Internal Control | A.15.3 IS Audit considerations |
| | | IT Audit conducted by other parties | | |
| | | Internal Audit on other party services | | |
| | | IT Internal Audit Review | | A.15 Compliance |
| 10 | The use of IT Service provider | IT Outsourcing | DS02 Manage Third-Party Services | |

taken from anjar’s blog.
