ISO certifications for cloud computing
Assign topic to the user
I was checking ISO/IEC 27017:2015, and wondering if I'm missing something.
Answer:
There is no specific ISO certifications for cloud computing. What you can consider is the implementation of specific controls of ISO 27017 in an ISMS (ISO 27001 already cover the general controls to also protect cloud services), if you have specific requirements (e.g., laws, regulations or contracts) demanding security controls for cloud environments.
Additionally, I suggest you to consider ISO 27018, ISO standard related to protection of Personal Identifiable Information (PII), to fulfill potential requirements you have regarding the protection of customers privacy.
These articles will provide you further explanation about ISO 27017 and ISO 27018:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
Comment as guest or Sign in
Jan 02, 2019