UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

CSA ISO/IEC 27036-4

Information technology - Security techniques - Information security for supplier relationships - Part 4: Guidelines for security of cloud services

active, Most Current
Buy Now
Organization: CSA
Publication Date: 1 January 2018
Status: active
Page Count: 39
ICS Code (Information coding): 35.040
scope:

This document provides cloud service customers and cloud service providers with guidance on

a) gaining visibility into the information security risks associated with the use of cloud services and managing those risks effectively, and

b) responding to risks specific to the acquisition or provision of cloud services that can have an information security impact on organizations using these services.

This document does not include business continuity management/resiliency issues involved with the cloud service. ISO/IEC 27031 addresses business continuity.

This document does not provide guidance on how a cloud service provider should implement, manage and operate information security. Guidance on those can be found in ISO/IEC 27002 and ISO/IEC 27017.

The scope of this document is to define guidelines supporting the implementation of information security management for the use of cloud services.

Document History

CSA ISO/IEC 27036-4
January 1, 2018
Information technology - Security techniques - Information security for supplier relationships - Part 4: Guidelines for security of cloud services
This document provides cloud service customers and cloud service providers with guidance on a) gaining visibility into the information security risks associated with the use of cloud services and...
CAN/CSA-ISO/IEC 27036-4:18
January 1, 2018
Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services
This document provides cloud service customers and cloud service providers with guidance on a) gaining visibility into the information security risks associated with the use of cloud services and...

References

This document references:
ISO/IEC 17788 - Information technology - Cloud computing - Overview and vocabulary
Published by ISO on October 15, 2014
This Recommendation | International Standard provides an overview of cloud computing along with a set of terms and definitions. It is a terminology foundation for cloud computing standards. This...
This document references:
ISO/IEC 17789 - Information technology - Cloud computing - Reference architecture
Published by ISO on October 15, 2014
This Recommendation | International Standard specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities,...
This document references:
ISO/IEC 19086-1 - Information technology - Cloud computing - Service level agreement (SLA) framework - Part 1: Overview and concepts
Published by ISO on September 15, 2016
This document seeks to establish a set of common cloud SLA building blocks (concepts, terms, This document specifies a) an overview of cloud SLAs, b) identification of the relationship between the...
This document references:
ISO/IEC 29115 - Information technology - Security techniques - Entity authentication assurance framework
Published by ISO on April 1, 2013
This International Standard provides a framework for managing entity authentication assurance in a given context. In particular, it: - specifies four levels of entity authentication assurance; -...
This document references:
ISO/IEC 27017 - Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Published by ISO on December 15, 2015
This Recommendation | International Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing: – additional implementation...
This document is referenced by:
CSA/ANSI T200:22 - Evaluation of software development and cybersecurity programs
Published by CSA/AM on January 1, 2022
This Standard describes a methodology for assessing the product software and cybersecurity control maturity of an organization. This Standard provides the evaluators and vendors a method to determine...
View Less
View All
Advertisement