Let’s begin by explaining what ISO and IEC stand for. ISO stands for the International Organisation for Standardisation. This means that all organisations that achieve ISO/IEC 27001 certification work to the same high standards.
IEC stands for the International Electrotechnical Commission, a not-for-profit organisation that works independently of any government.
Together the ISO and the IEC form a joint technical committee, developing and maintaining multiple standards in IT, Information and Communications Technology (ICT), and related technologies.
As part of our information security management system (ISMS), SMSPortal is proudly ISO/IEC 27001 certified. To complement our commitment to maintaining the highest level of security and data protection for our customers, SMSPortal also has attestations for ISO/IEC 27017 and ISO/IEC 27018.
ISO/IEC 27017 and ISO/IEC 27018 are internationally recognised standards for cloud-specific security and protecting personally identifiable information (PII).
A business-wide commitment to security, combined with our staff training, our in-house developed platform and our best-in-class tools, has contributed to SMSPortal achieving these internationally respected accreditations and attestations.
ISO/IEC 27001 is a specification for an information security management system (ISMS). It is an international security standard defined by the International Organisation for Standardisation (ISO).
Defined within the ISO 27001 standard are ten requirements, including information security guidelines, requirements intended to protect an organisation’s data assets from loss or unauthorised access and recognised means of demonstrating their commitment to information security management through certification.
ISO/IEC 27001 also includes a risk assessment process, organisational structure, information classification, access control mechanisms, physical and technical safeguards, information security policies, procedures, and monitoring and reporting guidelines.
ISO/IEC 27001 is an ideal cornerstone standard as it sets out the technical requirements for establishing an ISMS and forms the foundation for data security. ISO/IEC 27017 and ISO/IEC 27018 add guidance for achieving robust security in the cloud.
ISO/IEC 27017:2015 is an international standard that provides guidelines and best practices for information security controls specifically related to cloud computing.
ISO/IEC 27017:2015 is an important resource for organisations that use cloud services or provide cloud-based solutions. It ensures that organisations align their security practices with cloud-specific risks and challenges, ultimately enhancing the security of their cloud computing environments and the protection of sensitive data stored or processed in the cloud.
ISO/IEC 27018:2019 is a standard that focuses on protecting personally identifiable information (PII) in the context of cloud computing. Specifically, it provides guidance and establishes controls for cloud service providers (CSPs) in managing PII entrusted to them by their customers.
By definition, PII is information that could link back to identify an individual.
To learn more about the respective ISO standards, please visit iso.org.
Updated 2 months ago