Expert Advice Community

About implementing ISO 27001

Guest user Created:   Sep 04, 2020 Last commented:   Sep 04, 2020

1 - My situation is that I am an intern at a small company whose servers are in the cloud (***), and they have a website of their own. So my question is: would implementing ISO 27001 be meaningless for such an architecture? If not, how should I define the context of the organization in such a case?

2 - Also, what sources would help a beginner like me to achieve this implementation of the standard? By the way, I started the online course at Advisera titled "ISO 27001:2013 Lead Implementer Course". Is it a good start?

 

Expert
Rhand Leal Sep 04, 2020

1 - My situation is that I am an intern at a small company whose servers are in the cloud (***), and they have a website of their own. So my question is: would implementing ISO 27001 be meaningless for such an architecture? If not, how should I define the context of the organization in such a case?

ISO 27001 aims at the protection of information regardless of where it is, so it is also applicable when the information to be protected is hosted in a cloud solution.

The definition of the ISMS scope when information is on a cloud solution will depend on the control you have over the cloud:

  • for IaaS, the scope excludes physical infrastructure and virtual machines
  • for PaaS, the scope excludes virtual servers, and, to some degree, applications
  • for SaaS, the scope excludes datacenter facilities’ physical location, hardware, and software

This article will provide you a further explanation about defining a scope considering cloud models:

2 - Also, what sources would help a beginner like me to achieve this implementation of the standard? By the way, I started the online course at Advisera titled "ISO 27001:2013 Lead Implementer Course". Is it a good start?

To help beginners implement ISO 27001, Advisera provides several articles and downloadable materials that can provide guidance.

Additionally, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/01academy/emy/ademy/my/iso-27001-documentation-toolkit/

This toolkit has the mandatory and most commonly used documents for an ISO 27001 implementation, and they include comments that can help to customize the documents to your organization's needs.

Regarding the Lead Implementer course, it is a good way to start an understanding of how to implement ISO 27001.

These articles will provide you a further explanation about ISO 27001:

These materials will also help you regarding ISO 27001:
