In today’s interconnected world, information security is paramount. ISO/IEC 27017 builds upon your ISO/IEC 27001 certification and helps to protect information security by providing guidelines for ensuring the security of cloud services. The standard is based on ISO/IEC 27002, which sets out a code of practice for information security controls.
ISO/IEC 27017 outlines the responsibilities of cloud service providers (CSPs) and their customers. It sets out both parties’ roles and responsibilities towards making cloud services as secure as other data within a certified information security management system (ISMS).
It also provides cloud-related guidance on several ISO/IEC 27002 controls, as well as some new cloud-related controls that address:
Achieving ISO/IEC 27017 certification will enable you to demonstrate your commitment to cloud security and to ensuring robust data protection controls.
Long-term benefits of certification include:
There are seven steps to the process:
ISO/IEC 27017 contributes to UN Sustainable Development Goals eight and nine.
We have extensive expertise in IT security techniques and cloud security. We can help you along the path to certification with an ISO/IEC 27017 certification audit, which includes a gap assessment and benchmarking.
An ISO/IEC 27017 certification audit can be conducted together with the organization’s ISO/IEC 27001 certification audit or after a successful ISO/IEC 27001 audit.
Contact us to learn more about ISO/IEC 27017 certification audits.