ISO 27017 Consultants

ISO 27017 is a code of practice which provides enhanced controls designed specifically for Cloud Services.

Our ISO 27017 Consultants are knowledgeable in the whole ISO 27000 family of Information Security Standards, and can help you extend your management system to ensure you have the tools to effectively manage risks using a full range of controls.

ISO 27001 & ISO 27017

The most effective implementation of the ISO 27017 Information Security Controls for Cloud Services is by applying them to an extended ISO 27001 Information Security Management System.

ISO 27001:2022 sets out minimum requirements and includes 93 Controls, however many organisations also use the additional guidance from ISO 27002 to extend the controls. ISO 27017 extends some of these controls even further to make them more applicable to cloud services

7 New Cloud Controls

Our ISO 27017 Consultants can help you understand and apply these controls as appropriate to your organisation, managing the risks of using cloud services.

In addition to the extended ISO 27001 controls, there are seven new areas to address:

Responsibilities Between Cloud Service Provider & the Cloud Customer.
Removal & Return of Assets on Termination.
Protection & Separation of the Customer’s environment.
Virtual Machine Configuration.
Administrative operations & procedures.
Activity Monitoring.
Alignment of Virtual & Cloud Environments.

Cloud Services

Many individuals and organisations use cloud services on a daily basis, and the popularity continues to grow due to the many benefits they bring.

However, this business model is still relatively new and continues to evolve through SaaS, PaaS and IaaS.

ISO 27017 provides explicit guidance on the responsibilities of both the cloud service provider and the cloud customer, bring much needed clarity throughout the cloud models.

ISO 27017 Certification

While ISO 27017 Certification is not common, and there is currently no UKAS accredited scheme, some respected certification bodies will include the ISO 27017 Cloud Services Controls within the scope of an ISO 27001 Management System.

Our ISO 27017 Consultants can guide you through the process of defining an appropriate management system scope and attain an independent and impartial audit of these extended controls.

Benefits of ISO 27017

Clear differentiator from competitors,
Protect & Improve your reputation,
Demonstrate commitment to Information Security,
Better management of cloud service risks,
Comprehensive risk management programme,
Established framework ready from growth.

Other Standards

ISO 27001

The Information Security Management System (ISMS), in conjunction with ISO 27002 which provides more guidance on each Annex A Control.

Find Out More

ISO 27018

ISO 27018 provides specific guidance and controls for Personal Identifiable Information (PII) in Public Clouds.

Find Out More

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	16 years 3 months 23 days 8 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.