Expert Advice Community

ISO 27017, ISO 27018 and certifications

Guest user Created:   Oct 31, 2017 Last commented:   Oct 31, 2017

So v2013 is pretty much fully evolved. But it needs a new sentence - Ensure your cloud provider is certified to 27017 for security and 27081 for privacy?

Expert
Rhand Leal Oct 31, 2017

Question refers to this article: European 2017 Revision of ISO/IEC 27001: What has changed? https://advisera.com/27001academy/blog/2017/10/25/european-2017-revision-of-isoiec-27001-what-has-changed/

Answer: ISO 27017 and ISO 27018 are not certifiable standards (they are supporting standards to help implement controls from ISO 27001 Annex A the same way ISO 27002 is), so this new sentence is not applicable. For those organizations making use of ISO 27001 and cloud providers, better questions to ask would be: "Are our cloud providers compliant/certified against ISO 27001 requirements and adopt recommendations from 27017 for cloud security and 27081 for privacy protection?"

These articles will provide you further explanation about ISO 27002, ISO 27017 and ISO 27018:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/