
Different categories for ISO in Cloud

What are the different categories for ISO – ISO 27001, ISO 27017, or ISO 27018?

In any case, ISO 27001 is a perfect basic standard for all companies that want to protect their information – it is still by far the most popular standard worldwide, it provides the framework for managing security, and it is the only one against which a (real) certificate can be issued.

ISO 27017 is certainly appealing to companies that offer services in the cloud, and want to cover all the angles when it comes to security in cloud computing.

ISO 27018 is more focused on companies that handle personal data, and want to make sure they protect this data in the most appropriate way.

So, it seems to me that for cloud companies we will most often see a combination of ISO 27001 and ISO 27017 implementation, and cloud companies with lots of personal data will probably go for all three: ISO 27001, ISO 27017, and ISO 27018.

Further reading: https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/

ISO for Microsoft Azure?

A combination of ISO and CSA certifications exists in all four Azure clouds. For example, recently completed Azure ISO 27001 and ISO 27018 audits have 61 customer-facing services in audit scope, making it possible for customers to build realistic ISO-compliant cloud applications with end-to-end platform coverage.

You can download the report for ISO and other certifications from the Trust website:

https://servicetrust.microsoft.com/

How about your environment for ISO?

Use the guidance provided by Azure Security Center as your guideline. By default, Security Center supports the following regulatory standards: Azure CIS, PCI DSS 3.2, ISO 27001, and SOC TSP.

The regulatory compliance dashboard view can help focus your attention on the gaps in compliance with a standard or regulation that is important to you.

How to get an ISO certificate for your cloud environment?

You need to hire or consult with an auditing company and obtain the certificate after validation and remediation.

We can help you find the right fit or get the right resource.

For any consulting requirements, please email us at cloud@proarch.com
