ISO 27001 5.23 Information Security for Use of Cloud Services Requirement:
"Processes for acquisition, use, management and exit from cloud services shall be established in accordance with the organization’s information security requirements."[1]
ISO 27001 5.23 Information Security for Use of Cloud Services Requirement Explanation:
Define criteria for cloud services that the organization will use. For example requiring that the service is FEDRAMP moderate or has an ISO 27001 certification. Manage the service in accordance with the organization's information security policies and procedures. Cloud services generally need additional security settings to meet ISO 27001 requirements. The CIS Benchmark for Microsoft 365 and Google Workspace helps organization's to securely configured these common cloud services. When terminating/exiting a cloud service ensure that a process exists to remove all organization data and migrate to a new service.
References:
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.