Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

Protecting and keeping data safe

  Quote
Guest
Guest user Created:   Feb 25, 2021 Last commented:   Feb 25, 2021

Protecting and keeping data safe

The question I had: Do we as a company get by extension the benefits of cloud companies having all the certificates and good practices when it comes to protecting and keeping data safe. We are working with *** and ***. An example scenario would be an auditor asking my company how we back up data? And our answer is that we back up our data on 2 different servers: *** and *** for example. Would that be OK? Since we are not the ones responsible for the data, but we are offloading this to a much more secure company. Is this something that we can evaluate as low risk and not implement special controls when it comes to protecting this data, since we are getting the benefits of using a cloud provider?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 25, 2021

First is important to note that only because you are transferring the risk to a cloud provider, it does not mean the risk will be automatically lower. It only means that it will be handled by other entities, which in most cases will have a better cost-benefit relation when comparing to treating the risk yourself.

Considering that, to get by extension the benefits of a certified cloud provider, and ensure the provider will handle your data properly, you need to have a contract or service agreement with it covering your security needs. So, instead of implementing controls related directly to the identified risks, you will need to consider for them controls to handle supplier relationships.

These articles will provide you a further explanation about supplier security:

These materials will also help you regarding supplier security:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 25, 2021

Feb 25, 2021