Why is ISO/IEC 27017 important?

The ISO 27017 standard provides the following recommendations for information security controls applicable to the provision and use of cloud services: More detailed implementation instructions for pertinent controls listed in ISO/IEC 27002 Tailoring of additional controls to cloud services, along with implementation advice The benefits of the ISO 27017 certification process are as follows: Gives customers assurance and cloud-based direction Reduce risks associated with cloud customer storage Gives users of cloud services a framework Extension and improvement to ISO 27001 certification Creates a suitable framework for information security management

What is the process of ISO/IEC 27017 certification?

ISO/IEC 27001 is a certifiable standard, whereas 27017 is not. While going through the ISO 27001 certification process, you can certify against ISO 27017. To “certify” against ISO 27017, you must include the appropriate ISO 27017-related controls in the Statement of Applicability. While updating your risk management plan, establish the necessary controls, and convey the changes to your certification body. The certification body can then adjust the surveillance/certification audits based on your input.

Home
Services
Auditing and System Certification
ISO/IEC 27017 security controls for cloud services

ISO/IEC 27017 CLOUD SECURITY CERTIFICATION

Safeguard your cloud services through robust information security controls

//Contact us

WHAT IS ISO/IEC 27017 STANDARD AND WHO DOES IT APPLY TO?

Ever more businesses are offering cloud-based services to customers, and so purchasing departments increasingly demand evidence that data stored on those cloud servers is safe. ISO/IEC 27017 standard is a set of guidelines for safeguarding cloud-based environments and minimising the potential risk of security incidents.

The ISO 27017 cloud security standard addresses topics such as:

Asset ownership
Recovery plans if the cloud service provider (CSP) is dissolved
Disposal of assets containing sensitive information
Segregation and storage of data
Alignment of security management for virtual and physical networks

Any organisation which provides cloud-based services can benefit from ISO/IEC 27017 certification – from online email providers and document management platforms to cloud-based apps and tools. It demonstrates to customers that you are following the most stringent cloud services security standards and have processes in place to manage any unforeseen problems.

HOW CAN ISO/IEC 27017 CERTIFICATION HELP YOUR BUSINESS?

If your organisation provides cloud services your customers will want assurances that their data, documents, messages and activity are protected under any circumstances. They will also want evidence that they will be able to retrieve and move their data whenever they wish. ISO/IEC 27017 cloud standard gives them that confidence.

Becoming ISO/IEC 27017 certified provides multiple benefits:

Reduces operational risk

By adhering to the ISO/IEC 27017 guidelines you can efficiently analyse vulnerabilities and mitigate against data breaches, as well as regulatory fines and penalties.

Win market trust

An independent third-party assessment demonstrates your commitment to global information security practices. Winning stakeholder confidence delivers you a competitive advantage as potential investors and customers identify you as a responsible partner.
Define and clarify responsibilities

ISO/IEC 27017 clearly outlines the exact relationship, roles, rights and responsibilities between cloud service customers and cloud service providers, enabling you to become a preferred CSP and expand your business globally.

TÜV SÜD IS A TRUSTED ISO/IEC 27017 AUDITOR

TÜV SÜD is a world leader in cloud computing service auditing and assessments and works with companies around the globe to provide independent audits and certification. Based on years of technical experience, our auditors are able to rapidly understand your cloud system’s architecture and assess whether or not it conforms to the standard. If it is non-conformant, you can use our reports to see which areas you need to improve on and receive certification.

As TÜV SÜD is vendor agnostic, our assessments are both impartial and independent, and we follow the highest standards of auditing practice to ensure neutrality and reliability every time. Our rigorous approach ensures greater trust for your customers.

FREQUENTLY ASKED QUESTIONS

Why is ISO/IEC 27017 important?
The ISO 27017 standard provides the following recommendations for information security controls applicable to the provision and use of cloud services:
- More detailed implementation instructions for pertinent controls listed in ISO/IEC 27002
- Tailoring of additional controls to cloud services, along with implementation advice
The benefits of the ISO 27017 certification process are as follows:
1. Gives customers assurance and cloud-based direction
2. Reduce risks associated with cloud customer storage
3. Gives users of cloud services a framework
4. Extension and improvement to ISO 27001 certification
5. Creates a suitable framework for information security management
What is the process of ISO/IEC 27017 certification?

ISO/IEC 27001 is a certifiable standard, whereas 27017 is not. While going through the ISO 27001 certification process, you can certify against ISO 27017. To “certify” against ISO 27017, you must include the appropriate ISO 27017-related controls in the Statement of Applicability. While updating your risk management plan, establish the necessary controls, and convey the changes to your certification body. The certification body can then adjust the surveillance/certification audits based on your input.