Technology to enforce and attest ISO 27001 controls
What technology can be used to enforce and attest ISO 27001 controls (e.g., password policy) in a cloud SaaS environment?
Assign topic to the user
Please note that it is our policy not to make recommendations about technologies, but broadly speaking most solutions used in cloud environments (e.g., virtual machines and lead balancers, etc.) now have policy enforcement and activities monitoring capabilities, so you need to check with your provider which capabilities it can provide to you and if these capabilities are enough to fulfill your needs (based on the results of risk assessment and applicable legal requirements).
For further information, see:
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
Comment as guest or Sign in
Mar 11, 2021