Process:

Visit the client site to gather the necessary information about their business functions.

After a thorough study of the ISO/IEC 27017 and ISO/IEC 27018 standards, prepare a questionnaire for the client in accordance with the controls mentioned.

After gathering the answers, create the following documents for the client:

SOA (Statement of Applicability)

This document states which controls are applicable and which are not, along with the reason for applicability.

SOP (Standard Operating Procedure)

The SOP contains the step-wise tasks to be performed while implementing controls in the organization. SOPs are created for different departments in the organization.

Policy document

The policy document contains the details and instructions for implementing the applicable controls in the organization.

RART (Risk assessment restatement)

The RART document quantifies the vulnerability and threat factors. It calculates the risk value and accordingly decides whether the risk is fixed, mitigated, transferred or ignored.

DR document

This is the disaster recovery document, for use if the cloud goes down.





Related links

It provides clarity regarding who is responsible for what between the cloud service provider and the cloud customer
