Expert Advice Community

Guest

GCP security controls which comply with ISO 27017

  Quote
Guest
Guest user Created:   Sep 14, 2020 Last commented:   Sep 14, 2020

GCP security controls which comply with ISO 27017

Can you advice me on GCP security controls which comply with ISO 27017 with respect to application level security..could you please help me with that..would be a great help for me?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 14, 2020

I'm assuming that by GCP you mean Google Cloud Platform.

Considering that, please note that we are not aware of which security controls GCP has implemented, so we cannot say which ones are related to applications. Although GCP is ISO 27017 certified (https://services.google.com/fh/files/misc/gcp_iso27017_spring_2020.pdf) its Statement of Applicability is not available.

Generally speaking applicable controls regarding applications would be from section A.14 (System acquisition, development, and maintenance)  from ISO 27001 Annex A (please remember that ISO 27017 is a supporting standard for controls from ISO 27001).

Specific controls from ISO 27017 that may apply would be:

  • 9.5.1 Segregation in virtual computing environments
  • 12.1.5 Administrator’s operational security
  • 12.4.5 Monitoring of cloud services

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 14, 2020

Sep 14, 2020

Suggested Topics

Guest user Created:   Jul 21, 2021 ISO 27001 & 22301
Replies: 1
0 0

Vendor security clauses

Guest user Created:   Jul 16, 2021 ISO 27001 & 22301
Replies: 1
0 0

Question on ISO 27001