Expert Advice Community

SaaS provider

Guest user Created:   Apr 27, 2022 Last commented:   Apr 27, 2022

In the risk assessment exercise, as a SaaS provider, we are quite focused on protecting PII and other customers' data. But I was wondering whether the customer itself could be considered as an asset for the ISO 27001 certification. For example, a threat would be "losing customers" and the vulnerability would be "not being able to guarantee SLA in Incidents management". Would it be something to consider for our ISO 27001 certification?

Expert
Rhand Leal Apr 27, 2022

To ISO 27001, customers should be considered as interested parties, i.e., someone that can affect, or be affected by, information security, not assets.

For further information, see:
- Who are interested parties, and how can you identify them according to ISO 27001 and ISO 22301? https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/
- Asset List for ISO 27001 Risk Assessment https://info.advisera.com/27001academy/free-download/asset-list-for-iso-27001-risk-assessment/
- How is ISO 27001 applicable for Software-as-a-Service companies? https://info.advisera.com/27001academy/free-download/how-is-iso-27001-applicable-for-software-as-a-service-saas-companies
