Guest
ISO 27001 toolkit for SaaS companies
Is the ISO 27001 documentation toolkit also useful for SaaS companies? A SaaS company that uses Microsoft Azure (or AWS that is ISO 27001 certified already) to host its solution is very different from a typical organization. Are you aware of any detailed information guidelines around defining risk and scope for an ISO 27001 implementation of a SaaS solution provider? I think this would help get started on the right track.
Assign topic to the user
Expert
Dejan Kosutic
Jun 20, 2018
Answer: Many of our clients are companies that provide SaaS and are using large hosting providers like AWS, Azure and similar - so yes, this toolkit is applicable for such companies, especially if they are small or medium-sized (up to 500 employees).
Here's a very useful article on defining the ISMS scope when using hosting services: Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
Comment as guest or Sign in
Jun 19, 2018
Jun 19, 2018
Jun 19, 2018