Expert Advice Community

Guest

Privacy and cloud computing security documents

  Quote
Guest
Guest user Created:   Mar 15, 2017 Last commented:   Mar 15, 2017

Privacy and cloud computing security documents

I am working on information privacy protection in a cloud computing environment. Besides the Cloud Security Policy, Policy for Data Privacy in the Cloud, and ISMS Scope Document, what other documents do you think I require? I am working on this from a governance, risk management and compliance perspective.
0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 15, 2017

Answer: Considering all perspectives you are working on, I suggest you consider all the documents on the ISO 27001 & ISO 27017 & ISO 27018 Cloud Documentation Toolkit. This way you can have a systemic and integrated approach of all controls which cover specific clauses from both ISO 27017 (cloud computing services) and ISO 27018 (personally identifiable information in cloud services). Besides the documents you already mentioned, I can add these ones:
- Access Control Policy https://advisera.com/27001academy/01academy/emy/ademy/my/documentation/access-control-policy/
- Information Transfer Policy https://advisera.com/27001academy/01academy/emy/ademy/my/documentation/information-transfer-policy/
- Security Clauses for Suppliers and Partners https://advisera.com/27001academy/01academy/emy/ademy/my/documentation/security-clauses-for-suppliers-and-partners/

These articles will provide you further explanation about ISO 27017 and ISO 27018:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/01academy/emy/ademy/my/blog/15/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/01academy/emy/ademy/my/blog/15/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/loud/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 15, 2017

Mar 15, 2017