Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Listing offered digital services and naming owners


The organization must maintain a list of digital services provided and the owners designated for them. The owner is responsible for completing the information in the service and for any other security measures that are closely related to the service.

The documentation related to the digital service includes e.g. the following information:

  • The type of digital service offered, the service category and the purpose of use
  • Data controller and related processing agreements
  • Key partners in the service supply chain and the distribution of security responsibilities (discussed in more detail in a separate task)
Connected other frameworks and requirements:
A.2.1: Obligation to co-operate regarding PII principals’ rights
ISO 27018
A.2: Consent and choice
ISO 27018
6: Organization of information security
ISO 27017
CLD 6.3: Relationship between cloud service customer and cloud service provider
ISO 27017
CLD 6.3.1: Shared roles and responsibilities within a cloud computing environment
ISO 27017
No items found.