Expert Advice Community

Communication Security

Guest user Created:   Jul 10, 2020 Last commented:   Jul 10, 2020

I want to know how to document network controls when we don't have a specific server for our company connecting the computers.
All our databases are cloud based, so we don't require a server. Can I exclude A.13.1 fully?


Expert
Rhand Leal Jul 10, 2020

I'm assuming your organization is using outsourced cloud services.

Considering that, you can exclude controls only if you do not have relevant risks that can be treated by them, and there are no legal requirements (e.g., laws, regulations, or contracts). For example, the organization needs to implement a control to fulfill GDPR, or there are relevant risks related to information backup.

When using outsourced cloud services, you can verify if the provider has implemented such controls. In case they did, define in the Statement of Applicability that the required controls are implemented by the provider.

This article will provide you with a further explanation about supplier management:
