Feedback on Cloud Computing
What says ISO 27001 about deleting information on cloud computing?
Assign topic to the user
SO 27001 does not provide specific controls for cloud computing, but you can adopt and adapt some of its controls for cloud computing.
For example, you can use control A.8.3.2 Disposal of media (which states that media must be disposed in a secure and formal way when no longer required), considering that virtual machine as a "media".
For specific recommendations about cloud computing, you can consult ISO 27017 and ISO 27018, which provides specifics applicable to cloud computing regarding controls from ISO 27001 Annex A.
These articles can provide you more details on data disposal in ISO 27001:
- 5 practical tips for media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2018/10/22/5-practical-tips-for-media-disposal-according-to-iso-27001/
- Secure equipment and media disposal according to ISO 27001 https://advisera.com/27001academy/blog/2015/12/07/secure-equipmentand-media-disposal-according-to-iso-27001/
These articles will provide you a further explanation about ISO 27017 and ISO 27018:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
Comment as guest or Sign in
Jul 09, 2020