Security Basics mailing list archives

ISO 17799


From: "siangmeng lim" <siangmeng () hotmail com>
Date: Sat, 22 Oct 2005 15:45:11 +0800

Hi,

Can someone help guide me on how an ISO 17799 certification process is carried out? How should any organization approach this task if they have an intention for their IT systems and various depts in the organization to have a certain level of control and management of information? Is there a difference in approaches and deliverables if it is a private company vs a gov agency?

How is the scoping being done at the onset? I understand the scope can be very extensive, and it is impossible to cover all grounds. How should the framework or framework be established and agreed upon with the management?

Hope someone can provide a lead. Thanks

Cheers
SM


