ISO 27001-ISO 27017 and ISO 27018
Our company is ISO 27001-2013 certified and also attested for 27018 and 27017.
The question is: if we move our apps into the cloud, will this revoke our certificate, meaning we cannot claim that we are ISO certified?
My personal opinion: no, we are still certified and will continue to be certified as long as all our security controls are in place and we are taking all necessary measures and keep monitoring the effectiveness of our controls.
If these apps you mentioned are not negatively affecting your ISMS scope by going into the cloud, or if their impacts are considered in the ISMS in a way that the related risks are acceptable, e.g., by the application of proper controls, then your assumption is correct, and your ISO 27001 certification is not at risk.
These articles will provide you with further explanation about ISO 27001 scope:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
May 20, 2020