Choose another country to see content specific to your location

//Select Country

ISO/IEC 27017 Security Control for Cloud Services

Safeguard your cloud services through robust information security controls

World over, organisations are increasingly getting aware of the business value that cloud computing brings and are taking steps towards transition to the cloud. A smooth transition entails a thorough understanding of the benefits as well as challenges involved. One of the key challenges of cloud computing is how it addresses the security and privacy concerns of businesses planning to adopt it and those of cloud service providers (CSPs) implementing it. The fact that the valuable enterprise data will reside outside the corporate firewall raises serious concerns. Hacking and various cyber-attacks to the cloud infrastructure can have a domino effect and affect multiple clients even if only one site is attacked. As the global usage of cloud technology continues to grow, businesses must strategically consider the risk of storing protected information and explore viable security options in order to protect their information systems.

What is ISO 27017?

Organisations seeking to approach Cloud Security in a structured and reliable manner can benefit greatly from the ISO/IEC 27017 guidelines for Cloud Security. ISO/IEC 27017 is a standard developed for cloud service providers and users for securing the cloud-based environment and minimising potential risk of a security incident.

ISO/IEC 27017 is designed to assist in the recommendation and implementation of controls for cloud-based organisations. This is not only relevant to organisations which store information in the cloud, but also for providers which offer cloud-based services to other companies who may have sensitive information. This standard is built upon the ISO 27002 standard, but allows for specific controls to be added for the needs of cloud organisations and their end-users.

The assessment is normally structured in tailor-made steps of verification. The output of this verification process can be made available both internally within the company and publicly. The organisation may also choose to define a boundary for assessment in relation to the core issues of the standard, focusing on the ones that are most crucial to the organisation itself and their business practices.

Why is ISO/IEC 27017 Important?

Cloud data security is vital, as clients will want to be sure that their data is safe while stored in the cloud. ISO/IEC 27017 standard allows the organisation to commit to a long-term goal. The organisation will have an internationally standardised framework to base their Cloud Security. Upon the internalisation of the requirements needed, the organisation will be able to reduce operational and reputation risks and work towards a sustainable future. The standard extensively covers topics like asset ownership, recovery action if the CSP gets dissolved, disposal of assets with sensitive information, segregation and storage of data, alignment of security management for virtual and physical networks and others.

How can we help you

An internationally accredited Certification Body, we provide the expertise and experience to assess your organisation to the requirements of ISO/IEC 27017. We assess the gap between company declaration on cloud security and the implementation. We identify the areas of concerns and opportunities for the company cloud security strategy and provide support on identification of a core business strategy linked to cloud security. TÜV SÜD, with a tailor-made assessment tool, can measure a programme’s performance and identify improvements and risks linked to an organisation’s business strategy.

FOUR STEPS TO CERTIFICATION
Step 1: 
Get in touch with us to receive a customised quote, including detailed costs, planning and time required
Step 2: We conduct in-depth assessment
Step 3: Report is released to you
Step 4: Issuance of ISO/IEC 27017 certification

The assessment is normally structured in tailor-made steps of verification. The output of this verification process can be made available both internally within the company and publicly. The organisation may also choose to define a boundary for assessment in relation to the core issues of the standard, focusing on the one that is most crucial to the company itself and its business practices.

Your benefits at a glance

  • Develop a long-term strategy - By adhering to the ISO/IEC 27017 guidelines, you minimise reputational risks and issues related to cloud security and sustainable development. This will encourage potential investors and sponsors to look at you as a responsible partner.
  • Increase transparency - A third party assessment will help the company to demonstrate to stakeholders its foothold in global information security practices and ability to meet the requirements industry standards.                       
  • Reduce reputation risks - Implementing a strategy based upon ISO/IEC 27017, the company will be able to analyze its own vulnerabilities and mitigate the risk of data breaches. The external assessment conducted by us will support you in identifying risks and reducing them.
  • Win customer trust – By mitigating the risk of data breach and other cyber-attacks, you win stakeholder confidence and gain competitive advantage.
  • Expand your business – Become a preferred CSP and expand your business globally by adhering to the international guidelines of ISO 27017.
  • Meet compliance – Implementing ISO/IEC 27017 will help you to adhere to the national and international regulations, thus, mitigating the risk of regulatory fines and penalties for data breaches and other cyber-attacks.
  • Inclusive standard – Within the cloud computing environment, ISO/IEC 27017 clearly outlines the exact relationship, roles, rights and responsibilities between cloud service customer and cloud service provider.

Next Steps

Select Your Location

Global

Americas

Asia

Europe

Middle East and Africa