LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

ISO 27001 query

  Quote
Guest
Guest user Created:   Jan 13, 2022 Last commented:   Jan 13, 2022

ISO 27001 query

I have a question. For an organization that having servers on premise and on cloud, to comply with 12.4.4 Clock synchronization: All systems should be configured with the same time and date. Which servers in the cloud that should have the same time as the servers on premise: SaaS DaaS IaaS or none of the cloud should sync?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 13, 2022

I’m assuming that by DaaS you mean Device as a Service.

Normally, control A.12.4.4 applies only to on-premise servers because these are the servers you fully control. If your risk assessment or requirements ask that both on-premise and cloud servers need to be synchronized, then regardless of the environment or cloud model, to be compliant with control 12.4.4 all servers in the same security domain (i.e., under the influence of the same controls) need to be synchronized to a single reference time source.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2022

Jan 13, 2022