Show me desktop version
CALL US 1-888-553-2256
United States

The ISO 27001 & ISO 22301 Blog

Data Privacy Protection, ISO 27001 and CISPE Code of Conduct

With mandated compliance with the European Union (EU) General Data Protection Regulation (GDPR) ever closer, organizations that handle personal data of European citizens are rushing to adapt their operations to new requirements to avoid problems with customers and authorities. With respect to cloud infrastructure services, a particular effort may come …

Read More ...

Network segregation in cloud environments according to ISO 27017

In a previous article, I wrote about network segregation considering a physical network structure (see: Requirements to implement network segregation according to ISO 27001 control A.13.1.3), and while the concepts presented there are still valid when you consider network segregation in cloud computing environments, some new considerations must be made. …

Read More ...

How to use ISO 27017 to manage legal risks related to geographical location

Cloud services are often sold as solutions that can be anywhere and everywhere. All that is necessary is a computer and a network connection to work with data, applications, and resources. While from user’s point of view this is true, cloud services ultimately rely on physical infrastructure, which has to …

Read More ...

Resolving cloud security concerns by defining clear responsibilities according to ISO 27017

Cloud solutions are attractive answers for those who look for cost savings and quick demand response infrastructure, and Internet searches can show you how these kinds of solutions are rapidly growing and being adopted by organizations of all sizes, especially by small and medium-sized organizations. However, their very nature requires …

Read More ...

ISO 27001 vs. ISO 27017 – Information security controls for cloud services

The future of ISO 27017, together with ISO 27018, seems quite bright: they define security standards for today’s fastest-growing industry – cloud computing. This topic is so big and so hot, that these two standards might achieve the same level of success as their “older brothers” ISO 27001 and ISO …

Read More ...

ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud

Update 2015-12-01: This blog post was updated on the issue of certification. If your company is delivering services in the cloud, you probably have more and more customers asking you how their personal data is protected. ISO 27001 is certainly a good way to do it; however, some enlightened customers might …

Read More ...
Dejan Kosutic
Lead ISO 27001/22301 Expert, Advisera


ISO 27001 & ISO 22301
Free Downloads


Upcoming free webinar
Writing a business continuity plan according to ISO 22301
Wednesday - March 28, 2018
Show posts:



  • Exemplar Global (formerly RABQSA) is leading international authority in certification of training providers.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933