Expert Advice Community

Cloud security controls

Guest user, Created: Aug 27, 2018, Last commented: Aug 27, 2018

I was wondering what is the best way to include cloud controls. We are in the process of ISO 27001 and some of our operations / products are in cloud. Do we need to look at 27017? For ISO 27001 certification, is that enough? Do external auditors look for 27017 for ISO 27001 certification for services in Cloud?

Expert
Rhand Leal Aug 27, 2018

Answer:

ISO 27001 controls are generic enough to cover cloud information security risks without the need to rely on ISO 27017, so it is not mandatory to look at ISO 27017 for ISO 27001 certification purposes.

Regarding external auditors, they will only look for ISO 27017 controls if your organization has identified they are a requirement for your ISMS (e.g., your organization must comply with a law, regulation or contract that demands ISO 27017 controls).

These articles will provide you more information:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- Which questions will the ISO 27001 certification auditor ask?
- Infographic: The brain of an ISO auditor – What to expect at a certification audit https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
