LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Certification of cloud based business

  Quote
Guest
Guest user Created:   Feb 15, 2019 Last commented:   Feb 15, 2019

Certification of cloud based business

I am planning to go for 27k1 audit certification and GDPR DPO certification, just need to plan well my time. One question, is a very small “company” of Consultants, that only have resources in the cloud, able to be certified in 27K1?There are so many controls that don’t be applicable…
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 15, 2019

Answer:

Organizations of any size or kind can be certified against ISO 27001, provided they fulfill the standard's requirements.

In cases like yours, where operations are performed on third-party cloud services, what happens regarding controls is that most of them are operated by the provider, but you still have to be aware of them (by means of risk assessment) and treat them properly (in this case by means of security clauses on your service agreement with the provider). Many of our clients are smaller companies that operate through the cloud, and they have implemented the standard and got certified successfully.

These articles will provide you further explanation about ISMS scope considering cloud services and management of suppliers:
- Defining the IS MS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 15, 2019

Feb 15, 2019

Suggested Topics

Guest user Created:   Jan 29, 2020 ISO 27001 & 22301
Replies: 1
0 0

SaaS products

Guest user Created:   Jun 14, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 query

Guest user Created:   Mar 10, 2021 ISO 27001 & 22301
Replies: 1
0 0

27001 ISMS Scope Question