What is ISO 27001?
It is the leading international standard focused on information security, published by the International Organization for Standardization (ISO), in partnership with the International Electrotechnical Commission (IEC). Both are leading international organizations that develop international standards.
ISO-27001 is part of a set of standards developed to handle information security: the ISO/IEC 27000 series.
ISO 27001 + Cloud
Not only does the standard provide companies with the necessary know-how for protecting their most valuable information, but a company can also get certified against ISO 27001 and, in this way, prove to its customers and partners that it safeguards their data.
Individuals can also get ISO 27001-certified by attending a course and passing the exam and, in this way, prove their skills to potential employers.
Because it is an international standard, ISO 27001 is easily recognized all around the world, increasing business opportunities for organizations and professionals.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, security and compliance is a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that comply with the applicable directives contained within ISO 27001.
Ensuring continuous security and compliance across one or more CSPs can be extremely challenging. With DivvyCloud you can automate security and compliance with ISO 27001. Cloudanix provides dozens of out-of-the-box policies as part of our ISO 27001 compliance pack that map back to specific directives within ISO 27001. For example, Cloudanix’s policy “Access List Exposes Windows RDP to World (Security Group)” supports compliance with the “A.11.4.4 – Remote diagnostic and configuration port protection” directive in ISO 27001. You can immediately use the ISO 27001 compliance pack to identify and remediate policy violations in real-time.