I want to know about the designing policies for a startup that has everything on cloud.
Assign topic to the user
I'm assuming that by "having everything on the cloud" you mean you are using a cloud service provider.
Considering that, the policies and documents you will need to develop will depend on:
- the type of cloud service you use (e.g., IaaS, PaaS, or SaaS). The more your provider controls (from IaaS to SaaS), the fewer documents you will need to develop.
- the relevant risks you decide to treat.
- the legal requirements you need to fulfill.
In terms of content, it will depend on issues like:
- complexity level
- employees maturity
- how often tasks are performed
These articles will provide you a further explanation about developing documents:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- How detailed should the ISO 27001 documents be? https://advisera.com/27001academy/blog/2014/09/22/detailed-iso-27001-documents/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
This material will also provide you further information:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Aug 19, 2020