Certified providers

Answer: According to Google information (https://gsuite.google.com/learn-more/security/security-whitepaper/page-5.html), Google GSuite is ISO 27001 certified by Ernst & Young CertifyPoint, an ISO certification body accredited by the Dutch Accreditation Council. A copy of the certificate can be accessed through this link: https://services.google.com/fh/files/misc/eycp_2018_gsuite_iso_27001.pdf

2. In Office 365 hosted solution will we clear all the ISO 27001 controls?

Answer: According to Microsoft information (https://aka.ms/o365iso27001cert), Office 365 solution is ISO 27001 certified and all ISO 27001 controls from Annex A are applicable to its scope (https://aka.ms/o365isosoa)

3. Can we pass the ISO 270001 audit with Office 365 cloud based solution?

Answer: Probably yes, but you have to evaluate carefully the SoA for Office 365 to verify if the way the controls are implemented will fulfill your needs.

It is important to note that for the certification audit it is much m ore important how an organization controls their service providers than which certificates do service providers have.

These articles will provide you further explanation about security with suppliers:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/