Cloud Computing
ISO 27017 and ISO 27018 – data protection and information security for clouds
According to international studies, more than 40 per cent of cloud providers will seek certification for their cloud services in the next one to two years. Notorious and globally active companies have already had their cloud services certified in order to strengthen the trust of potential customers in the services offered.
The most important requirements for cloud services are data protection and availability. In accordance with the applicable national data protection laws and the General Data Protection Regulation (GDPR), organisations and companies are also liable for their data if it is processed by a cloud provider as part of commissioned data processing and data breaches occur there.
In order to comply with the legally required duty of care, organisations and companies must ensure the security of data processing – including at the service provider or processor – if they process data as data controllers. This must be done through suitable contracts as well as audits and verification!
ISO 27017 - Information security for cloud services
ISO 27017 is an extension of ISO 27002 and, in conjunction with ISO 27001, provides both cloud service operators and companies that are cloud service customers with a framework that they can use to implement specific measures for cloud services. The selection and implementation of specific security measures is based on the risk analysis required by ISO 27001.
ISO 27018 - Data protection for cloud services
The internationally recognised ISO 27018 cloud standard for data protection sends a strong signal to your customers. ISO/IEC 27018 focuses on the “Protection of personal data in the cloud” for service providers and processors by providing more specific requirements regarding the implementation of data protection measures.
Certification
Cloud certification in accordance with these standards is possible if basic certification in accordance with ISO/IEC 27001 for information security or ISO/IEC 20000-1 for IT service management has already been achieved for the same scope within the organisation: synergies can then be optimally utilised.
Information on the project phases and the certification process can be found here.
Your advantages
- Implementation in an existing ISMS in accordance with ISO 27001 or in the course of setting up a new ISMS is easily possible
- The standards contain specific security measures for cloud service providers and cloud service customers. This greatly simplifies collaboration.
- Well equipped for the cloud market of the future
- Worldwide valid and internationally recognised
- Increases customer confidence in cloud services for critical business areas
- Highest level of protection for personal data
- Minimises the risk of breaches of contract
- Requirements of the EU General Data Protection Regulation
Request
We are delighted that you are interested in our services. We will be happy to send you further information. Please provide us with the following information:
