Guest
ISO 27001 for datacenters
Can I use ISO 27001 to claim "certification" of a data centre? The content seems more around guidelines and not sufficient to rely on particularly if the company classifies information. In Australia the Federal Government certifies data centres from T1 (Unclassified/Public) to T4 (Top Secret). Are you aware of other countries or organisations that do this?
Expert
Rhand Leal
Mar 28, 2019
Answer:
ISO 27001 can be used to certify organizations of any industry or size regarding how they protect information (by using a risk management approach to identify and treat relevant risks), so you can use it to certify a data center.
We are not experts on countries' local regulations or practices, so we cannot inform you if other countries or organizations apply the same approach as you described for the Australia Federal Government, but what we can say is that, in the case of Australia Federal Government, ISO 27001 can help you identify the requirements you need to fulfill for the classification level you want to apply to, and select, implement and manage the proper controls to handle relevant risks.
For example, if for T4 level cryptographic controls are required, ISO 27001 can provide guidance on this by means of controls A.10.1.1 Policy on the use of cryptographic controls and A.10.1.2 Key management.
These articles will provide you further explanation about ISO 27001:
- ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- ISO 27001 Case study for data centers: An interview with Goran Djoreski https://advisera.com/27001academy/blog/2013/10/29/iso-27001-case-study-for-data-centers-an-interview-with-goran-djoreski/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/