The ISO 27001 standard is an organizational information security management model that involves taking appropriate measures to protect and effectively manage the organization’s sensitive information.
The ISO 27018 standard expands the ISO 27001 standard and adds information and special requirements for information security management at cloud-based companies, in order to secure and protect their databases stored in the cloud.
The ISO 27018 standard expands the operation section of ISO 27001, with special emphasis on separation of environments (development, production, testing), QA testing database security, backup and recovery processes, processes for handling and dealing with information security events, etc. In addition, the standard requires additional controls, as follows:
The process begins with meetings with key people at the organization so that we can learn how you work. We characterize the work processes with you and develop the procedures, work instructions and forms, and, in cooperation with your representative, we identify the information security risks. The procedures that are developed are approved by a representative of the organization’s management. Once the procedures have been approved, we help you integrate them at the organization. The integration process may include, according to your needs, trainings, internal audits, preparation and participation in a quality management review, and more. We guarantee that at the end of the consultancy process, you will successfully pass an objective audit by one of the organizations authorized to audit compliance with the.