VNG Cloud Has Achieved ISO/IEC 27001:2013, ISO/IEC 27017:2015 and ISO/IEC 27018:2019 Certifications for Information Security Standards

2021/01/10 08:08

In November 2020, VNG Cloud officially completed the testing, evaluation, and certification process for ISO/IEC Information Security Standards, which include:

  • ISO/IEC 27001:2013 - Information Security Management System (ISMS) standard
  • ISO/IEC 27017:2015 - Information Security Controls for Cloud Services standard
  • ISO/IEC 27018:2019 - Information Security Standards for Protection of Personally Identifiable Information (PII) in the Cloud

1. ISO/IEC 27001:2013 Certification - Information Security Management System (ISMS) standard

vng-cloud-iso-27001-2013.jpg

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) within an organization. Additionally, this standard includes requirements for assessing and treating information security risks in a manner that is appropriate to the needs of the organization (According to the International Organization for Standardization).

 

 

 

 

 

 

2. ISO/IEC 27017:2015 Certification - Information Security Controls for Cloud Services standard

vng-cloud-iso-27017.jpg

ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing and proposes the implementation of specific information security controls for the cloud, supplementing the guidance provided in ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice offers guidance on implementing additional specific information security controls for cloud service providers and serves as a recognized guide for implementing security measures (According to the International Organization for Standardization).

 

 

 

 

 

3. ISO/IEC 27018:2019 Certification - Information Security Standards for Protection of Personally Identifiable Information (PII) in the Cloud

vng-cloud-iso-27018.jpg

ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing and proposes the implementation of specific information security controls for the cloud, supplementing the guidance provided in ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice offers guidance on implementing additional specific information security controls for cloud service providers and serves as a recognized guide for implementing security measures (According to the International Organization for Standardization).

 

 

 

 

 

 

 

In addition to the latest international information security standards certifications, VNG Cloud has also obtained PCI DSS (Payment Card Industry Data Security Standard) certification. Even if customers do not use card data, VNG Cloud maintains a high level of protection according to PCI DSS for all customer data.

To obtain the above certifications, VNG Cloud has consistently established and adhered to an Information Security Controls System based on international standards such as ISO/IEC 27001, PCI DSS. We also continuously comply with common laws and standards, specifically including Vietnamese laws and regulations, ISO/IEC 27017 & 27018 standards. Additionally, VNG Cloud maintains, reviews, and improves this system on a regular basis.

The above certifications affirm VNG Cloud's ability to provide cloud computing services and solutions that meet international standards. Additionally, VNG Cloud is committed to accompanying customers in ensuring information security and preventing security incidents through the implementation of advanced security measures.