The Cloud Security Alliance published the Cloud Control Matrix, to support consumers in the evaluation of cloud services and to identify questions prudent to have answered before moving to cloud services. In response to this publication, Microsoft has created this document to outline how we meet the suggested principals and mapped them to the International Standards Organization (ISO) 27001:2005 and ISO 27002.
Advertisements
This management system means that information security must be planned, implemented, monitored, reviewed, and improved. It means that management has its distinct responsibilities, that objectives must be set, measured and reviewed, that internal audits must be carried out and so on. All those elements are defined in ISO 27001, but not in ISO 27002.