Guest
Do we need separate Cloud Security Policy?
If our business is Saas and it's all in CLoud for example.
Currently, we need to have Information Security Policy as the required document. But do we need a separate Cloud Security Policy ?
Assign topic to the user
EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Rhand Leal
Jul 20, 2022
Unless you have a legal requirement (e.g., law, regulation, or contract) demanding a Cloud Security Policy, you do not have to implement one. The Information Security Policy is enough to provide guidelines for the protection of information in cloud environments
For further information, see:
- What is the ISO 27001 Information Security Policy, and how can you write it yourself? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
Comment as guest or Sign in
Jul 20, 2022
Jul 20, 2022
Jul 20, 2022