WHAT ARE THEY
With the diffusion of Cybercrime , concerns regarding the availability, integrity and confidentiality of information have increased, both for service providers and for user customers.To respond to this criticality ISO and IEC, based on ISO/IEC 27002, have developed the ISO/IEC 270XX:20Y guidelines, aimed at ensuring compliance with information security principles, which find application in vertical and therefore highly specific areas, from cloud computing, to application security, incident management, privacy management, etc.
WHY
The market is characterized by continuous changes due to the very rapid evolution in the technological field, and in this context we are increasingly witnessing a succession of computer crimes.The danger of becoming a victim of a data breach is now a concrete reality for all companies, characterized by new cyber threats emerging every day.
HOW CAN IT BE PREVENTED
The possibility of these events occurring is leading companies to place particular attention on "handling information securely" in the context of the operations of organizations in all market sectors.This approach avoids customer loss and reputation damage by ensuring that risks are minimized.
KEY POINTS
- Quality
- safety
- business process resilience
They were developed to help ensure information security principles are met by their service providers.
CSQA'S ANSWER
CSQA is among the first certification bodies to have extended the ISO/IEC 27001 accreditation, for a flexible purpose , with the integration of the ISO/IEC 270XX:20YY "Information Technology, Security techniques" guidelines.
The ISO/IEC 27001 standard for information security management systems includes over fifty guidelines that characterize specific sectors or are defined for specific areas (such as cloud computing, incident management, privacy, cybersecurity ..)Accredia, for this type of standard, accredits the Certification Bodies with a "flexible scope", which allows the applicability of ISO/IEC 27001 to be extended to specific guidelines, based on market needs.
Among the ISO/IEC 270XX guidelines, some in particular are proving to be a valid tool to adapt to in order to make the services provided safer for users and, on the other hand, guarantee greater protection for the organizations themselves.
Let's talk about:
ISO/IEC 27017
The ISO/IEC 27017 standard provides guidance that provides enhanced controls for both cloud service providers and customers.
Its goal: to clarify the roles and responsibilities of different cloud actors while ensuring that data is adequately protected.
ISO/IEC 27018
The ISO/IEC 27018 standard provides a guideline for Service Providers that deliver services in the "public cloud".
Its goal: to offer a structured way to comply with applicable obligations when the provider itself acts as a data controller of personal data.
ISO/IEC 27037
The ISO/IEC 27037 standard provides a guideline for the specific activities related to the processing of digital evidence through the phases of their identification, collection, acquisition and conservation.
Its objective: to establish homogeneous technical rules across different countries to maintain the integrity of digital evidence so that it is admissible in the trial phase.
ISO/IEC 27701
The ISO/IEC 27701 standard provides a guideline for organizations wishing to implement a personal information management system in compliance with the provisions of the GDPR.
Its goal: to demonstrate to customers and stakeholders that the organization uses effective systems to reduce the risks related to privacy violations.
ISO/IEC 27034
The ISO/IEC 27034 standard provides guidance to those who design, program, implement and use application systems.
Its goal: to strengthen the specification definition, design, development and security testing phases of software in order to reduce the risk generated by vulnerabilities.
ISO/IEC 27035
The ISO/IEC 27035 standard provides a guideline covering processes for effective management of security incidents, vulnerabilities and events. The danger of becoming a victim of a data breach is now a concrete reality for all companies characterized by new cyber threats emerging every day.
Its goal: to enable you to have effective processes that include preventive and corrective measures in response to any type of cyber attack.
Quality, security and resilience of business processes, happier customers and compliance assurance.
It is the ability to support these objectives that qualifies us as a reference player in the Italian and international market of certifications and training in the fields of Cybersecurity, Information Management & Privacy, Business Continuity.