Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Sharing a server cabinet - is this compliant with ISO 27001?

One of the business units which is not in our scope for accreditation is partially owned by ***. I know the particular business unit in question does not have access to our network at all but I am awaiting confirmation as to whether we share a server cabinet with them. I dont think this is the case but if we do, can you please advise if this may hinder our compliance with any of the standards?

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

ISO 27001 does not mention anything about sharing a server cabinet; however it does require you to assess the risks, and apply appropriate controls.

In other words, if you share a server cabinet with a business unit that is not within the scope of your ISO 27001 implementation, you have to treat such business unit as an external party, and regulate your relationship with them through an agreement. See also this article: 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

Therefore, if you resolve this situation with strict agreement with this business unit, you will still be compliant with ISO 27001.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community