ISO/IEC 27017:2015 is an information security code of practice for cloud services. It’s an extension to ISO/IEC 27001:2013 and ISO/IEC 27002, and it provides additional security controls for cloud service providers and for cloud service customers. An organization implementing the standard would select the relevant controls for their circumstances.
Provides external assurance to customers that information processed in the cloud by their cloud service provider is secure.
Helps reduce the risk of a security breach and other risks, which will increase stakeholders’ trust.
Extends and enhances a client’s ISO 27001 certification.
Provides a comprehensive information security management framework for cloud services customers and in so doing it holds their providers to account.
Making clients feel safe about their data being stored in the cloud is vital. Adopting the ISO/IEC 27017 standard provides an internationally standardised framework that can help reduce the risk of data breaches and build customer trust by showing your commitment to information security. The standard also gives guidance to cloud service customers on what they should want from their cloud service hosts.
The standard covers a range of topics such as asset ownership, removal and return of assets when a customer contract has been terminated, protection and separation of a customer’s virtual environment and more. With a growing risk of cloud data breaches, it is more important now than ever to know that you and your organisation are doing the most to reduce these risks as a cloud service provider and/or a cloud service customer.
As ISO 27017 is built on the foundations of the ISO 27001 and ISO 27002 frameworks, the certification shows compliance internationally and helps protect organizations, both cloud service providers and cloud service customers, against risks within the cloud.
© All rights reserved@GRC360