February 22nd, 2022 - ISO 27017 and ISO 27018 accreditation for SIET

ISO 27017 and ISO 27018 extensions

SIET obtained the extension of the accreditation for the Certification of Information Security Systems with integration of the following guidelines:

- ISO / IEC 27017 Information technology - Security techniques - Code of conduct for information security controls based on ISO / IEC 27002 for cloud services;

- ISO / IEC 27018 Information technology - Code of conduct for the protection of personally identifiable information (PII) in public clouds acting as PII managers.

The increasing use of the cloud for storing information has deepened the focus on the protection of such information, especially in the case of clouds that store personal data.Precisely in relation to this, the UNI CEI EN ISO / IEC 27017: 2021 and UNI CEI EN ISO / IEC 27018: 2020 standards specify the security controls to be implemented when managing cloud services. These two standards extend the controls of ISO / IEC 27001 and introduce specific additional controls.

In particular, ISO / IEC 27017 represents the reference for general security controls for users and providers of cloud services, while ISO / IEC 27018 refers to controls for public cloud service providers acting as data controllers.