[arin-discuss] Legacy RSA

Ted Mittelstaedt tedm at ipinc.net
Tue Nov 6 15:34:01 EST 2007



>-----Original Message-----
>From: Howard, W. Lee [mailto:Lee.Howard at stanleyassociates.com]
>Sent: Tuesday, November 06, 2007 7:07 AM
>To: Ted Mittelstaedt; Dean Anderson
>Cc: arin-discuss at arin.net
>Subject: RE: [arin-discuss] Legacy RSA
>
>
>>  That is why it's important to have regular 
>> audits of these groups.  I would challenge you to investigate 
>> this, obtain and read the auditors report and see what they 
>> had to say.
>
>The auditor's report is available at
>http://www.arin.net/about_us/corp_docs/annual_rprt.html
>
>As reported at the Members Meeting, we are also having a
>separate audit of our financial controls, by an independent
>auditor, who provides no other services to ARIN.  We're not 
>required to do this, and in fact it's unusual for an 
>organization like ARIN to do so, but we want every possible 
>assurance that we have adequate controls.
>

Lee,

  Just a point here.  These audits are financial, not operational.
Has ARIN considered having an ISO management audit performed?  The
obvious one would be ISO 9001:2000 but they also have a new one -
ISO 27001:2005 that might be of interest.

Ted





More information about the ARIN-discuss mailing list