Content library
ISO 27017
6.1.3: Contact with authorities

How to fill the requirement

ISO 27017

6.1.3: Contact with authorities

Task name
Priority
Status
Theme
Policy
Other requirements
Clear communication of organisation and data storage location in relation to offered cloud services
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Development and cloud
Cloud service management
2
requirements

Task is fulfilling also these other security requirements

6.1: Internal organization
ISO 27017
6.1.3: Contact with authorities
ISO 27017
1. Task description

When offering cloud services, the organisation must clearly and actively inform the customer of the organisation’s geographic location and the countries where the customer's data is stored.

This information can help the customer e.g. in determining the relevant supervisory authorities and jurisdictions when utilizing the cloud service.

Documenting security-related responsibilities for offered cloud services and utilized data systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Development and cloud
Cloud service management
8
requirements

Task is fulfilling also these other security requirements

6: Organization of information security
ISO 27017
CLD 6.3: Relationship between cloud service customer and cloud service provider
ISO 27017
CLD 6.3.1: Shared roles and responsibilities within a cloud computing environment
ISO 27017
6.1: Internal organization
ISO 27017
6.1.3: Contact with authorities
ISO 27017
1. Task description

When utilizing or offering cloud services, both service provider and customer can have security responsibilities. Service provider may be responsible for technical cyber security but e.g. customer for access management and providing user guidelines for secure usage.

Responsibilities for shared information security roles towards offered cloud services and utilizing cloud-based data systems must be clearly defined and documented by both the cloud service customer and provider.

Listing offered digital services and naming owners
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Development and cloud
Cloud service management
17
requirements

Task is fulfilling also these other security requirements

A.2.1: Obligation to co-operate regarding PII principals’ rights
ISO 27018
A.2: Consent and choice
ISO 27018
6: Organization of information security
ISO 27017
CLD 6.3: Relationship between cloud service customer and cloud service provider
ISO 27017
CLD 6.3.1: Shared roles and responsibilities within a cloud computing environment
ISO 27017
1. Task description

The organization must maintain a list of digital services provided and the owners designated for them. The owner is responsible for completing the information in the service and for any other security measures that are closely related to the service.

The documentation related to the digital service includes e.g. the following information:

  • The type of digital service offered, the service category and the purpose of use
  • Data controller and related processing agreements
  • Key partners in the service supply chain and the distribution of security responsibilities (discussed in more detail in a separate task)
No items found.