Expert Advice Community

CSP - CSC - end user in iso 27017

Guest user Created:   Mar 23, 2021 Last commented:   Mar 23, 2021

I would really appreciate your opinion on this iso27017 matter. This is the case.

Company A is ISO27001 certified for the ".... management of cloud infrastructure (IaaS)"

Company A does not have its own data center.

Company A provides IaaS services based on cloud resources and technology of a Big provider (such as MS Azure vmware solution) with which Company A has a contract.

Company A wants to integrate iso27017 to its current iso27001 certificate (which already includes IaaS services).

From an iso27017 perspective, is Company A to be considered a cloud service customer, a cloud service provider, or both? And why?

Thanks in advance

Expert
Rhand Leal Mar 23, 2021

In this scenario, Company A needs to be considered both a cloud service customer and a cloud service provider.

This happens because Company A needs to fulfill customers’ requirements related to cloud security (in this case it acts as a cloud provider), and at the same time it needs to enforce these requirements, and its own, on its suppliers (in this case it acts as a cloud customer).

This article will provide you with a further explanation about ISO 27017:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
