ISO 27017, ISO 27018 and certifications
Question refers to this article: European 2017 Revision of ISO/IEC 27001: What has changed? https://advisera.com/27001academy/blog/2017/10/25/european-2017-revision-of-isoiec-27001-what-has-changed/
Answer: ISO 27017 and ISO 27018 are not certifiable standards (they are supporting standards to help implement controls from ISO 27001 Annex A the same way ISO 27002 is), so this new sentence is not applicable. For those organizations making use of ISO 27001 and cloud providers, better questions to ask would be: "Are our cloud providers compliant/certified against ISO 27001 requirements and adopt recommendations from 27017 for cloud security and 27081 for privacy protection?"
These articles will provide you with further explanation about ISO 27002, ISO 27017 and ISO 27018:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
Oct 31, 2017