ISO 27001 for datacenters

Guest user Created:   Mar 28, 2019 Last commented:   Mar 28, 2019

Can I use ISO 27001 to claim "certification" of a data centre? The content seems more around guidelines and not sufficient to rely on particularly if the company classifies information. In Australia the Federal Government certifies data centres from T1 (Unclassified/Public) to T4 (Top Secret). Are you aware of other countries or organisations that do this?
Expert
Rhand Leal Mar 28, 2019

Answer:

ISO 27001 can be used to certify organizations of any industry or size regarding how they protect information (by using a risk management approach to identify and treat relevant risks), so you can use it to certify a data center.

We are not experts on countries' local regulations or practices, so we cannot inform you if other countries or organizations apply the same approach as you described for the Australia Federal Government, but what we can say is that, in the case of Australia Federal Government, ISO 27001 can help you identify the requirements you need to fulfill for the classification level you want to apply to, and select, implement and manage the proper controls to handle relevant risks.

For example, if for T4 level cryptographic controls are required, ISO 27001 can provide guidance on this by means of controls A.10.1.1 Policy on the use of cryptographic controls and A.10.1.2 Key management.

These articles will provide you further explanation about ISO 27001:
- ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- ISO 27001 Case study for data centers: An interview with Goran Djoreski https://advisera.com/27001academy/blog/2013/10/29/iso-27001-case-study-for-data-centers-an-interview-with-goran-djoreski/

These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
