Guest
ISO 27017 and ISO 27018
I have been asked a question regarding a customer showing to their customer that they have aligned the ISO 27017 and ISO 27018 controls to the ISO 27001/ISO 27002 Annex A controls. Could this be entered on the certificate or mentioned in the scope statement if it was included in the needs & expectations of interested parties?
Expert
Rhand Leal
Jun 24, 2021
You need to confirm this information with your certification body, but if the ISO 27017 and ISO 27018 controls were audited during your ISO 27001 certification audit, this information can be included in your customer certificate.
These articles can provide further information:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/