Guest user Created: Mar 15, 2017 Last commented: Mar 15, 2017

Privacy and cloud computing security documents

I am working on information privacy protection in a cloud computing environment. Besides the Cloud Security Policy, Policy for Data Privacy in the Cloud, and ISMS Scope Document, what other documents do you think I require? I am working on this from a governance, risk management and compliance perspective.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Mar 15, 2017

Answer: Considering all perspectives you are working on, I suggest you consider all the documents on the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit. This way you can have a systemic and integrated approach of all controls which cover specific clauses from both ISO 27017 (cloud computing services) and ISO 27018 (personally identifiable information in cloud services). Besides the documents you already mentioned, I can add these ones:
- Access Control Policy https://advisera.com/27001academy/documentation/access-control-policy/
- Information Transfer Policy https://advisera.com/27001academy/documentation/information-transfer-policy/
- Security Clauses for Suppliers and Partners https://advisera.com/27001academy/documentation/security-clauses-for-suppliers-and-partners/

These articles will provide you further explanation about ISO 27017 and ISO 27018:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Mar 15, 2017

Expert Advice Community