Certification of cloud based business
Answer:
Organizations of any size or kind can be certified against ISO 27001, provided they fulfill the standard's requirements.
In cases like yours, where operations are performed on third-party cloud services, what happens regarding controls is that most of them are operated by the provider, but you still have to be aware of them (by means of risk assessment) and treat them properly (in this case by means of security clauses on your service agreement with the provider). Many of our clients are smaller companies that operate through the cloud, and they have implemented the standard and got certified successfully.
These articles will provide you further explanation about ISMS scope considering cloud services and management of suppliers:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
Feb 15, 2019