Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

ISO 27001 - Capacity SaaS

  Quote
Guest
Guest user Created:   Aug 12, 2021 Last commented:   Aug 12, 2021

ISO 27001 - Capacity SaaS

Hello - I have purchased the ISO27001 Toolkit and the auditor asked about capacity planning reporting for SaaS like Microsoft 365 apps (Devops/Sharepoint).

In Short - how do you address capacity planning in SaaS which is out of your control ?

He points to cpu and utilisation, but even though i explained this, his says that i should still have oversight and be able to check the capacity of the services provided. I am not sure if i could or should or be allowed to exclude the hardware of the SaaS provider in my scope ?

I hope you can advise.....

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 12, 2021

Even when using SaaS you can define capacity planning, but the performance indicators need to be related to the service, not hardware elements, because, as you said, these are not under your control.

In this case, you should consider elements like the number of simultaneous users, or other elements you can measure from your side, like hours of use, requests per second. In all cases, you need to consider the impact of communication links in these measurements (a bad link can make it impossible for you to achieve all performance made available by the SaaS provider).

But please note that capacity planning for ISO 27001 would be required only if relevant risks, or legal requirements, demand implementation of control A.12.1.3 Capacity management.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 12, 2021

Aug 12, 2021

Suggested Topics

Guest user Created:   Sep 23, 2021 ISO 27001 & 22301
Replies: 2
0 0

ISO 27001 implementation

Rena Created:   Sep 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

Conformio ISO Documentation

Guest user Created:   Sep 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISO27001 Implementation