Rob Koziy of OSI, who had provided me the information on which I based my most recent post, sent me this clarification yesterday, regarding their policy regarding making their audit report available. This seems to be a confirmation that one or two guesses I made were correct. As they say, it's smarter to be lucky than it's lucky to be smart.
OSI
anticipates that our ISO 27001/27002 independent audit report will be posted on
our CIP-013 secure webpage in the April timeframe. In addition we
will provide copies of OSI policies-procedures that were reviewed during the
audit and specifically relate to CIP-013 requirements for compliance to
27001/27002 controls.
No comments:
Post a Comment