Guest user Created: Dec 14, 2017 Last commented: Dec 14, 2017

Identifying a Cloud Service Provider

We offer trust service providers and we store some data and documents for our clients in the cloud, which they can access at any time. Does this makes us a Cloud Service Provider, and thus our ISO 27001 should be drafted in this regard? For example in the Backup Policy there is the following section and your comment:

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Dec 14, 2017

"3.3. Backup information to cloud service customers
Depending upon the cloud model adopted, the cloud service customer may be responsible for the backup process.
For example, in an IaaS model, the cloud service provider is responsible for the backup of the infrastructure, while backup of data and systems are the cloud service customer’s responsibility"

Answer: Cloud service providers (CSPs) are companies that offer network services, infrastructure, or business applications in the cloud. Since you offer trust services and a degree of data storage, your organization can be identified as a CSP and you should consider this situation when planning your ISO 27001 ISMS.

This article will provide you further explanation about s cope definition:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/

These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Dec 14, 2017

Expert Advice Community