A Management System for the Cloud – Why Your Organization Should Consider ISO 27018
Blog Article Published: 05/22/2017
By Alex Hsiung, Senior Associate, Schellman & Co.
Cloud computing technologies have revolutionized the way organizations manage and store their information. Where companies used to house and maintain their own data, a host of organizations have now made the switch to a cloud-based model due to the ease of use and cost-saving benefits promised by the cloud. But what is a cloud without a little rain? The benefits of cloud technologies have not come without their costs. Within the world of cloud computing, there have been three persistent concerns:
- Fostering a top-down approach to information security that encourages personnel throughout the organization to be aware of information security best practices
- Performing risk assessments that are tailored to its organization’s unique threats and vulnerabilities
- Proactively searching for issues and concerns through the use and selection of internal auditors
- Monitoring and measuring the performance and effectiveness of the information security management system
- Establishing a commitment to continually improving the information security management system
- Ensuring that security controls are implemented and applicable to its organization’s goals and purpose
- An effective information security management system demonstrates to prospective and current customers that the service organization means business about protecting the data that it is entrusted with and responsible for.
- An effective information security management system assists organizations with establishing a forward-thinking, proactive approach to addressing information security concerns, as opposed to the backward-looking mindset generally fostered by audit culture, which typically focuses on historical information.
- Providing cloud customers with the ability to access, correct, and erase their own PII
- Ensuring that data is processed according to its intended purpose and not taken out of context
- Procedures for the deletion of temporary files
- Implementing defined disclosure procedures
- Providing open, transparent notice in the event that sub-contractors are utilized
- Encouraging accountability on behalf of the cloud service provider through the implementation of breach notification procedures
- More stringent information security requirements on the part of the cloud service provider