ISO 27017 Cloud Security Manager

Qualifying People - Developing Future

Course introduction

TÜV SÜD South Asia organizes the ISO/IEC 27017 Cloud Security Manager certification program, which enables participants to develop the competence needed to implement and manage a cloud security program by following widely recognized best practices. This 3-day certification course helps participants clearly identify who is responsible for managing the different security risks and ensure the appropriate cloud security controls are in place so you can maintain a resilient ISMS for cloud services.

Course objectives

At the end of this program, the participants will be able to:

  • Identify key benefits associated with using ISO/IEC 27017:2015 for cloud services, alongside an effective ISMS
  • Acknowledge the relationship between ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and other standards and regulatory frameworks
  • Consider the risks associated with using cloud services
  • Implement appropriate cloud-related controls
  • Continually improve information security for cloud services

Course content/outline

Day One

  • Cloud fundamentals
  • Key terms and definitions
  • Benefits of ISO 27017
  • Relationship between ISO 27001 and 27018
  • Managing information security risks in cloud services

Day Two

Selecting and implementing ISO 27002 controls when extended to cloud services:

  • Information Security Policies
  • Organisation of information security policies
  • HR security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communication security
  • SAcDM

Day Three

Continued – Selecting and implementing ISO 27002 controls when extended to cloud services:

  • Supplier relationships
  • Incident management
  • Business continuity
  • Compliance
  • Cloud services extended control set (Annex A)

Practice exam
Certification exam

Who should attend

Anyone who plans, implements, monitors or assesses an information security management system, either as a customer or as a service provider of cloud services.

Training duration

3 days


  • Basic knowledge on ISO/IEC 27001/ISO 27002 standards
  • Basic understanding of cloud computing concepts

Exam details (duration, pattern)

  • Participants will be assessed through a 40-mark objective-type examination (open book) at the end of the course.
  • Minimum passing criteria: 70% (28 marks).


A TÜV SÜD certificate for ISO/IEC 27017 Cloud Security Manager will be issued to participants after successful completion of the course.
