ISO standards

ISO 27001 sets requirements for information security management systems as well as how they are implemented, supported, and continuously upgraded. The ISO 27001 guidelines help guarantee a high level of security for their core information assets.

ISO 27017 is a set of practical recommendations for how cloud providers can deliver information security. These recommendations, specifically for cloud service providers, complement the ISMS implementation requirements set out in ISO 27001.

ISO 27018 focuses on cloud service providers securing the personal data they process. The standard sets out practical information security recommendations for protecting the personal information that clients entrust to the cloud provider. They supplement the requirements of the basic standard, ISO 27001.

ISO 27701 is an extension of the ISO/IEC 27001 international information security standard, and serves as a guide for the protection of personal information. The document helps companies build a data protection system in accordance with Russian Federal Law 152‑FZ “On Personal Data” and legal requirements in other countries. The standard allows you to check not only the technical capabilities of a data protection platform, but also how the legal principles of data processing are implemented within a company.

The development of this document took the unified European General Data Protection Regulation (GDPR) into account. It confirms that the provider is in compliance with international requirements for personal data protection. The certification checks how the company protects and transfers customer data, whether it uses them legally, and how it manages access and data breaches.