LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

ISMS scope for cloud environment

  Quote
Guest
Guest user Created:   May 10, 2018 Last commented:   May 10, 2018

ISMS scope for cloud environment

Could you please let me know how to do ISMS scope if the company does software development also offer SaaS to the cloud how should I scope it. I know how to do scope I don't know cloud what happens in cloud
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 10, 2018

Answer: When an organization provides SaaS, it is important to identify which elements it has direct control over, because these are the elements that will be part of the ISMS scope.

For example, if your organization owns the datacenter that hosts your SaaS, then the physical environment, hardware, and software (e.g., virtual servers, operational systems and applications), must be included in the ISMS scope. On the other hand, if your SaaS is hosted on an outsourced datacenter provider, the most probable situation is that you have only to include the application you provide to your customers in the ISMS scope (the other elements will be handled by means of controls related to supplier relationship management). In case of use of outsourced datacenter provider, for a precise answer you must verify the service agreement established with the provider.

This article will provide you further explanation about defining a scope considering cloud models:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
Regarding the software development process performed by your organization, and assuming it is unrelated to the SaaS provided, it may be included normally as part of the scope. An example of text would be:

"The ISMS scope is defined by the information related to the organization's software development processes and the information related to the service XXX, provided as SaaS by the organization to its clients."
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 10, 2018

May 10, 2018

Suggested Topics