Expert Advice Community

Guest

Assets

  Quote
Guest
Guest user Created:   Dec 06, 2022 Last commented:   Dec 06, 2022

Assets

If the business is implementing ISO 27001 and their all servers, and assets are on the cloud only except a few laptops, and ISMS scope is all services provided by their business in which cloud servers are being used, so my understanding says cloud servers will also be a part of the scope in assets list for the ISMS audit. Business is assuming cloud servers should not be in the scope as they are not going with ISO 27017 certification which is focusing on cloud security.., my own opinion is cloud assets would be part of the scope and they should be part of the ISMS audit. Please confirm your opinion.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Dec 06, 2022

ISO 27001 is a cybersecurity standard that contains some controls (safeguards) for the cloud, so most companies do include cloud assets in the scope when implementing this standard. In other words, if you have sensitive data in the cloud, it makes sense to include your cloud environment in the scope even if you do not go for ISO 27017. 

ISO 27017 provides you with some extra controls for the cloud environment, but this does not mean that the cloud environment should be excluded if you do not go for this standard. 

See also: 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 06, 2022

Dec 06, 2022

Suggested Topics