Privacy and cloud computing security documents
Assign topic to the user
Answer: Considering all perspectives you are working on, I suggest you consider all the documents on the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit. This way you can have a systemic and integrated approach of all controls which cover specific clauses from both ISO 27017 (cloud computing services) and ISO 27018 (personally identifiable information in cloud services). Besides the documents you already mentioned, I can add these ones:
- Access Control Policy https://advisera.com/27001academy/documentation/access-control-policy/
- Information Transfer Policy https://advisera.com/27001academy/documentation/information-transfer-policy/
- Security Clauses for Suppliers and Partners https://advisera.com/27001academy/documentation/security-clauses-for-suppliers-and-partners/
These articles will provide you further explanation about ISO 27017 and ISO 27018:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
Comment as guest or Sign in
Mar 15, 2017