ISO/IEC 27017 certification

ISO/IEC 27017 is an international standard safeguarding cloud-based environments and minimising the risk of security incidents. Certification demonstrates your commitment to information security practices. It shows that you are following the most stringent cloud services security standards, and have processes in place to manage any unforeseen problems.

TÜV SÜD’s ISO/IEC 27017 certification service supports providers of cloud-based services. This includes online email providers, document management platforms, and cloud-based apps and tools.

The standard’s guidelines address topics such as:

• Asset ownership
• Recovery plans if the cloud service provider (CSP) is dissolved
• Disposal of assets containing sensitive information
• Segregation and storage of data
• Alignment of security management for virtual and physical networks

If you are a cloud services provider, your customers want confidence that their data, documents, messages and activity are protected completely. They also want evidence that they will be able to retrieve and move their data whenever they wish. ISO 27017 cloud security certification gives them that assurance.

Becoming ISO 27017 certified:

• Reduces operational risk: You can efficiently analyse vulnerabilities and mitigate against data breaches, regulatory fines, and penalties.
• Wins market trust: An independent third-party assessment demonstrates your commitment to global information security practices. Potential investors and customers identify you as a responsible partner. Winning stakeholder confidence delivers you a competitive advantage.
• Defines and clarifies responsibilities: ISO 27017 clearly outlines the exact relationship, roles, rights and responsibilities between cloud service customers and providers. You to become a preferred CSP and expand your business globally.

TÜV SÜD is a world leader in cloud computing service auditing and assessments. We provide independent audits and certification to organisations around the globe. Our experienced technical auditors can rapidly understand your cloud system’s architecture, to assess if it conforms to the ISO 27017 cloud security standard. You can use our reports to identify the areas you need to improve and receive certification.

As TÜV SÜD is vendor agnostic, our assessments are both impartial and independent. We follow the highest standards of auditing practice to ensure neutrality and reliability every time. Our rigorous approach builds greater trust with your customers.