Expert Advice Community

Home / ISO 27001 & 22301 / SaaS provider

Guest

SaaS provider

ISO 27001 & 22301

Quote

Guest user Created: Apr 27, 2022 Last commented: Apr 27, 2022

SaaS provider

ISO 27001 & 22301

In the Risk assessment exercise, as SaaS provider, we are quite focused on protecting PII and other customers data. But I was wondering whether the customer itself could be considered as an asset for the ISO 27001 certification. For example, a threat would be "losing customers" and the vulnerability would be "not being able to guarantee SLA in Incidents management". Would it be something to consider for our ISO 27001 certification ?

0 0

Assign topic to the user

Select user

Rhand Leal Apr 27, 2022

To ISO 27001, customers should be considered as interested parts, i.e., someone that can affect, or be affected, by information security, not assets.

For further information, see:
- Who are interested parties, and how can you identify them according to ISO 27001 and ISO 22301? https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/
- Asset List for ISO 27001 Risk Assessment https://info.advisera.com/27001academy/free-download/asset-list-for-iso-27001-risk-assessment/
- How is ISO 27001 applicable for Software-as-a-Service companies? https://info.advisera.com/27001academy/free-download/how-is-iso-27001-applicable-for-software-as-a-service-saas-companies

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Apr 27, 2022

Apr 27, 2022

Suggested Topics

Guest user Created: Nov 12, 2021 ISO 27001 & 22301

Replies: 1

0 0

How to start using the ISO 27001 / ISO 22301 Toolkit

Guest user Created: Aug 12, 2021 ISO 27001 & 22301

Replies: 1

0 0

ISO 27001 - Capacity SaaS