Expert Advice Community

Regarding ISO 27001

Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Hi, please provide your view on this.

I've invited an external auditor for ISO 27001 for one of the clients. As of now, the client's datacenter is managed by them (the datacenter room is situated in the same building where the client is operating (workplace), but all other controls are managed by the client only). Now the client is planning to move their data center to a different place provided by a third-party datacenter provider. Now all controls related to physical security are managed by the third party, and it is already ISO 27001 certified.

My queries:

What is going to be the difference in case the client moves its datacenter after it gets certified?
How can we leverage that datacenter service provider's ISO 27001 once the client moves its datacenter?

DejanK Jan 12, 2016

I'm not sure if I understood your situation correctly, but here are the answers:

If a location has changed, this means you have to change your ISMS scope.
For any significant change, a risk assessment has to be performed/reviewed, which will most probably result in new required controls.
The fact that the third-party service provider is ISO 27001 certified doesn't change much - a risk assessment must still be performed, and risks related to a third party must be addressed in the agreement.

These articles will help you:

ISO 27001 risk assessment: How to match assets, threats and vulnerabilities: https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
6-step process for handling supplier security according to ISO 27001: https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
