My colleague told me that ISO 27001 requires a physical server running in the office to store user passwords. Therefore, using AWS Cognito or Firebase Auth can save us the physical server, since they have ISO 27001.

Is my colleague correct? If not, does using a third-party OAuth service reduce the work of complying with ISO 27001?

ykn121
  • ISO 27001 does not require any specific technical implementation. So, no, you do not need a physical server to comply with the standard. – schroeder Mar 07 '21 at 17:13
  • @schroeder: Convert your comment to an answer. – mentallurg Mar 07 '21 at 18:24
  • @mentallurg I'm not sure I should. The question is based on a faulty assumption. I'm challenging the basis for the question, not answering it. – schroeder Mar 07 '21 at 20:18
  • @schroeder thanks for your answer. May I ask one more thing? Does using AWS Cognito or Firebase Auth, third-party OAuth, help to reduce the work of ISO 27001 certification? – ykn121 Mar 08 '21 at 02:55
  • @ykn121 it doesn't. It sounds like you need to understand the standard and how it works. – schroeder Mar 08 '21 at 07:45

0 Answers