Expert Advice Community


ISMS and Cloud computing

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

"Does one need to get ISO/IEC 27001 to get ISO/IEC CD 27017? Is it possible to scope ISO/IEC 27001 to JUST the cloud environment?"
Guest
Guest post Jan 12, 2016

Why would you go for 27017? Are you a client or a provider (IaaS, PaaS or SaaS)?
1) ISO 27017 isn't out yet (last CD stage). It has to be used as a complement to ISO 27002:2013 in Cloud environments, as ISO 27018 is for Privacy protection in the Cloud environment (published last year).
2) You are certified against ISO 27001, not against anything else in information security. One may use any 'reference' (s)he wants in complement to Annex A (= ISO 27002:2013).

You may introduce the Cloud in your scope, as more and more IT companies are doing. As a client it’s an ‘outsourced service’; as a provider it’s part of your activities with possible outsourcing of elements of the cloud.

This article may help you: « Cloud computing and ISO 27001 / BS 25999 »: https://advisera.com/27001academy/blog/2011/05/30/cloud-computing-and-iso-27001-bs-25999/
