RUsafe Information and Cyber Security – ISO 27017/27018
Information security in a computerized cloud environment is accompanied by many challenges, having to deal with many technical, legal, and regulatory issues.
ISO – International Organization for Standardization is the largest international standards organization, and has published two new standards that apply to cloud services: ISO 27017 and ISO 27018.
These standards provide guidelines for supporting information security control both for the cloud service providers and for customers.
The ISO 27018 standard is a personal identification information security standard (PII) in cloud environments, and provides privacy protection guidelines.
The ISO 27017 standard covers the information security management in the cloud.
In order to comply with these standards, the cloud service provider must undergo an external audit by an accredited body that will ensure that they comply with the standard’s requirements.