Expert Advice Community

Guest

ISO 27001 - Cloud Services

  Quote
Guest
Guest user Created:   Sep 04, 2020 Last commented:   Sep 04, 2020

ISO 27001 - Cloud Services

 have a question about cloud services:

I've read that we should include in Scope only data for SaaS, or data and application software for IaaS, etc.

Does it mean that we have to write that in our ISMS Scope document, or is it self-explanatory and we just consider that later during Risk Assessment?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 04, 2020

The ISMS scope states the information you want your ISMS to protect, so what you want to protect (in your example data and application software) needs to be stated in the ISMS. The detail that it is located in a cloud solution can be kept to be stated during the Risk Assessment.

This article will provide you a further explanation about the scope definition in the cloud:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Sep 04, 2020

Sep 04, 2020

Suggested Topics

Guest user Created:   Jun 23, 2021 ISO 27001 & 22301
Replies: 1
0 0

Scope