Our expert staff is standing by to answer your questions

  • (800) 123 1234

ISO/IEC 27017

SO/IEC 27017:2015 is an information security code of practice for cloud services. It’s an extension to ISO/IEC 27001:2013 and ISO/IEC 27002, and it provides additional security controls for cloud service providers and for cloud service customers. An organization implementing the standard would select the relevant controls for their circumstances.

  • The shared roles and responsibilities between the cloud service providers and customers
  • Removal and return of cloud service customers assets when a contract has been terminated
  • Segregation in virtual computing environments
  • Secure hardening of virtual machines
  • Documenting critical operational procedures
  • Allowing cloud service customers to be able to monitor relevant activities within the cloud
  • The alignment of security management for both virtual and physical networks

Benefits of ISO 27017 Certification

External assurance to customers

Provides external assurance to customers that information processed in the cloud by their cloud service provider is secure.

Reduce risk

It helps reduce the risk of a security breach and other risks, this will increase stakeholders trust.

Extends and enhances certification

It extends and enhances a clients ISO 27001 certification.

Framework for cloud services customers

Provides a comprehensive information security management framework for cloud services customers and in so doing it holds their providers to account.

Framework for cloud services customers

Provides a comprehensive information security management framework for cloud services customers and in so doing it holds their providers to account.

Why implement ISO 27017?

Making clients feel safe about their data being stored in the cloud is vital. Having ISO/IEC 27017 standard allows an internationally standardised framework that can help reduce the risk of data breaches and build customer trust by showing your commitment to information security. The standard also gives guidance to cloud service customers on what they should want from their cloud service hosts.

The standard covers a range of topics such as asset ownership, removal and return of assets when a customer contract has been terminated, protection and separation of a customer’s virtual environment and more. With a growing risk of cloud data breaches now more than ever is important to know you and your organisation are doing the most to try and reduce these risks as a cloud service provider and/or a cloud service customer.

As ISO 27017 is built from the foundations of ISO 27001 and ISO 27002 framework, the certification shows compliance internationally and helps your organization for both the cloud service providers and cloud service customers against risks within the cloud.

Menu-Logo.png

United Kingdom
Australia
Saudi Arabia 
Bahrain
Qatar
UAE
Ghana

Key services

PCI DSS
Cyber Security Framework
Data Privacy
ISO 27001
ASD Essential Eight
Vulnerability Assessment
Penetration Testing
GDPR
NIST

Important Links

Home
About
Services
Latest Blog

Get In Touch

Linkedin Twitter

© All rights reserved@GRC360