ISMS and Cloud computing
Assign topic to the user
Why would you go for 27017? Are you a client or a provider (IaaS, PaaS or Saas)?
1) ISO 27017 isn't out yet (last CD stage). It has to be used as a complement to ISO 27002:2013 in Cloud environments, as ISO 27018 is for Privacy protection in the Cloud environment (Published last year).
2) You are certified against ISO 27001 not against anything else in informations security. One may use any reference' (s)he wants in complement to Annex A (= ISO 27002:2013).
You may introduce the Cloud in your scope, as more and more IT companies are doing. As a client its an outsourced service; as a provider its part of your activities with possible outsourcing of elements of the cloud.
This article may hop you: « Cloud computing and ISO 27001 / BS 25999 »: https://advisera.com/27001academy/blog/2011/05/30/cloud-computing-and-iso-27001-bs-25999/
Comment as guest or Sign in
Jan 12, 2016