Guest user Created: Jun 20, 2018 Last commented: Jun 20, 2018

ISO 27001 toolkit for SaaS companies

Is the ISO 27001 documentation toolkit also useful for SaaS companies? A SaaS company that uses Microsoft Azure (or AWS that is ISO 27001 certified already) to host its solution is very different from a typical organization. Are you aware of any detailed information guidelines around defining risk and scope for an ISO 27001 implementation of a SaaS solution provider? I think this would help get started on the right track.

0 1

Assign topic to the user

Select user

Expert

Dejan Kosutic Jun 20, 2018

Answer: Many of our clients are companies that provide SaaS and are using large hosting providers like AWS, Azure and similar - so yes, this toolkit is applicable for such companies, especially if they are small or medium-sized (up to 500 employees).

Here's a very useful article on defining the ISMS scope when using hosting services: Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/

Quote

0 1

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 19, 2018

Expert Advice Community