ISO 27017/ISO 27018 Implementation
Assign topic to the user
Answer:
You are right, I mean, you can certify ISO 27001 for a limited scope of your organization, and you can exclude, for example, the cloud environment. But, if you have implemented ISO 27017/2018, which is simply a code of best practices with specific controls related to the cloud, it is very easy to extend the scope of the ISO 27001 to the cloud environment, because these standards only include some new security controls. So, in this case, our recommendation would be to extend the scope of the ISO 27001 to the cloud environment.
Regarding your second question, there are some certification bodies offering certifies against ISO 27017/27018, although are not regular certificates like ISO 27001, ISO 9001, etc.
These articles can be interesting for you:
“ISO 27001 vs. ISO 27017 - Information security controls for cloud services” : https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
“ISO 27001 vs. ISO 27018 - Standard for protecting privacy in the cloud” : https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
“Resolving cloud security concerns by defining clear responsibilities according to ISO 27017” : https://advisera.com/27001academy/blog/2016/08/23/resolving-cloud-security-concerns-by-defining-clear-responsibilities-according-to-iso-27017/
Finally, these materials will help you to know more about the ISO 27001:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Comment as guest or Sign in
Oct 13, 2016