Home / ISO 27001 Glossary of Terms / Information security for use of cloud services

Information security for use of cloud services

13/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

Information security for use of cloud services is about keeping your information safe when you use cloud services. It means you must make sure that the company you hire to store your data in the cloud has good security measures in place. This includes setting up rules and agreements with them to protect your data. It also means you need to decide what level of security you need for different types of information.

Examples

  • A small business uses a cloud service to store its customer list. The business owner checks the service’s security certifications to make sure they are trustworthy. They also sign an agreement that says the cloud company will keep the customer data private and safe.
  • A doctor’s office uses a cloud service for patient records. The office has to follow strict laws about patient privacy. So, they make sure their contract with the cloud provider includes a part that says the provider will also follow those same privacy laws.

Context

Cloud services have become very popular for businesses of all sizes. They let companies save money by not having to buy and maintain their own computer servers. However, using these services means you’re giving your data to another company. This is why it’s so important to have a plan to make sure your data is secure. The ISO 27001 control helps you make that plan so you don’t forget any important steps. It ensures you have a good understanding of what your cloud provider is doing to protect your data and what you need to do yourself.

Relevant ISO 27001 Controls

The following controls from the ISO/IEC 27001:2022 standard are related to Information security for use of cloud services:

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business that he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first of its kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is an active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2 and his niche is start up and early stage business.