ISO 27001 data center control requirements
I have a question: what are the ISO 27001 data center control requirements for facilities and operations?
ISO 27001 does not prescribe specific controls for data centers, although controls from ISO 27001 Annex A can be applied to data centers as well. To identify which controls would be applicable to your data center, you need to perform a risk assessment process. Some commonly adopted controls are:
- Physical Access Control
- Uninterruptible Power Supply (UPS)
- Audit Logs of all user activities and monitoring the same
For more information, see:
- The most common physical and network controls when implementing ISO 27001 in a data center https://advisera.com/27001academy/blog/2019/02/26/the-most-common-physical-and-network-controls-when-implementing-iso-27001-in-a-data-center/
For requirements for a data center, you can take a look at the ANSI/TIA-942 standard. Although it is not an ISO standard (it is an American National Standard), it provides several specifications covering availability and other security needs.
These articles will provide you with further explanation about the definition of controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
These materials will also help you with the definition of controls:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Feb 08, 2020