Use of ISO 27017 and ISO 27018
Answer:
ISOs 27017 and 27018 do not make sense without implementing 27001 as well, because this way you would only have the controls without the management system that can maintain and correct the controls when needed.
And although ISO 27017/18 provide more guidance and orientation for controls to be applied to cloud/virtualized companies, if you do not have specific requirements demanding implementation of cloud/virtualized-related controls (e.g., to comply with GDPR), you can go with only ISO 27001, because this standard already provides good coverage for cloud/virtualized environments.
These articles will provide you with further explanation about ISO 27017 and ISO 27018:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
Feb 16, 2019