What is the object of the project?
The project “Preparation of G-Cloud certification according to ISO 27001:2013” aims at providing specialized scientific services for the preparation and support of GSISPA with the objective of G-Cloud certification in accordance with the International Information Security Management Standard ISO/IEC 27001:2013. The scope of the project includes the G-Cloud, as well as all G-Cloud structures and functions of the GSISPA.
What are the purpose and objectives of the project?
The project aims at the integrated, methodical and systematic preparation of the GSISPA for the certification of G-Cloud and all G-Cloud structures and functions of GSISPA, in accordance with ISO/IEC 27001:2013 and its supplements, or later version, by an independent and appropriately accredited national/domestic or international certification body. Finally, it goes without saying that none of the accredited evaluators can be a member of the team of this project.
The main objectives that are expected to be achieved through the implementation of this Project are:
- Ensuring confidentiality, integrity and availability of G-Cloud information systems
- Compliance with relevant legislation and applicable international standards (including, of course, ISO/IEC 27001), for instance: ISO 27002:2013 Information technology – Security techniques – Code of practice for information security controls; ISO 27017:2015 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services; ISO 27018:2014 Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors; NIST SP800-144 Guidelines on Security and Privacy in Public Cloud Computing; BS 10012 Personal Information Management; etc.
- Minimising losses in the event of a security incident
- Informing GSISPA human resources and raising their awareness
- Clarification and segregation of the duties of the GSISPA human resources involved
The certification of the DSMS, in accordance with the requirements of ISO/IEC 27001 and its supplements, or later version, will ensure the following benefits and advantages for GSISPA:
- Confirmation of implementation of relevant legislation and standardisation regulations.
- Proof of satisfaction of the requirements of good governance and operational continuity.
- Official proof of the existence and operation of an information security management system and, within its framework, of the application of a risk identification, assessment and management system.