ISO 27017/ISO 27018 Implementation

Guest user Created:   Oct 13, 2016 Last commented:   Oct 13, 2016

Hi, please I found some info related to 27017/18 implementation where an ISMS 27001 is already implemented (but Cloud is not in the scope of 27001 certification).
Antonio Jose Segovia Oct 13, 2016

Answer:
You are right, I mean, you can certify ISO 27001 for a limited scope of your organization, and you can exclude, for example, the cloud environment. But, if you have implemented ISO 27017/2018, which is simply a code of best practices with specific controls related to the cloud, it is very easy to extend the scope of the ISO 27001 to the cloud environment, because these standards only include some new security controls. So, in this case, our recommendation would be to extend the scope of the ISO 27001 to the cloud environment.

Regarding your second question, there are some certification bodies offering certificates against ISO 27017/27018, although they are not regular certificates like ISO 27001, ISO 9001, etc.

These articles can be interesting for you:

“ISO 27001 vs. ISO 27017 - Information security controls for cloud services” : https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/

“ISO 27001 vs. ISO 27018 - Standard for protecting privacy in the cloud” : https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/

“Resolving cloud security concerns by defining clear responsibilities according to ISO 27017” : https://advisera.com/27001academy/blog/2016/08/23/resolving-cloud-security-concerns-by-defining-clear-responsibilities-according-to-iso-27017/

Finally, these materials will help you to know more about the ISO 27001:
- free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/