It depends on the level of detail required and the audience for the policy. ISO will provide in-depth administration and technical criteria related to a policy, i.e., it provides details from start to finish on what is the purpose of the policy, scope, and tools used to monitor that the policy is in effect.
COBIT will provide more generic IT information on controls and what you can use to monitor those controls, i.e., what an auditor or IT administrator requires in order to assess that the control is working.
Recently we had a new managed IDC for a customer, and we are already TL9000 certified.
Now, for the IDC, we are in the process for ISO 27001.
The objective of the standard itself is to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.”
Check into the NIST Computer Security Resource Center and its publications. There is a wealth of information here for your use and implementation assistance.