If you handle information on behalf of other organisations (your customers) then you may be asked to produce a risk management compliance statement.

Typical service providers that handle information on behalf of other organisations:

  • outsourced information systems provides
  • accountants
  • financial advisers
  • business process outsources
  • advisers
  • auditors

The most universal standard for information systems risk management is ISO/IEC 27001.  There is also the SSAE16/ISAE3402 (formerly SAS70) standards.

As your system is based on ibCom mydigitalstructure, you can use the ibCom Statement of Applicability (SOA) to ISO/IEC 27001 as the basis for your own SOA - similar to how ibCom uses the Amazon Web Services SOA.

Each statement is layered on top of the next to build the trust for the customer.

ISO/IEC27001 Template Excel Template
Implementing a ISMS @sec: ISMS-Implementation-Guide-and-Examples.pdf


ISO/IEC 27001
ibCom ISO/IEC 27001 Statement of Applicability