Cloud security controls
Answer:
ISO 27001 controls are generic enough to cover cloud information security risks without the need to rely on ISO 27017, so it is not mandatory to look at ISO 27017 for ISO 27001 certification purposes.
Regarding external auditors, they will only look for ISO 27017 controls if your organization has identified that they are a requirement for your ISMS (e.g., your organization must comply with a law, regulation or contract that demands ISO 27017 controls).
These articles will provide you with more information:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- Which questions will the ISO 27001 certification auditor ask?
- Infographic: The brain of an ISO auditor – What to expect at a certification audit https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
Aug 27, 2018