Today, organisations are entering the age of digitisation and are expanding their use of information technologies. One of the most important aspects of this transformation is the shift from computer and storage systems towards cloud-based service providers due to the huge benefits and potential offered by these services.
As is to be expected, these changes bring with them new risks and opportunities with regard to information security which must be properly managed, just as they are applied and managed when they are within the systems themselves. Both cases should be included in the scope of the company’s Information Security Management System (ISMS) based on the ISO 27001 standard, in order to meet the requirements of the business.