ISO 27017 is a code of practice which provides enhanced controls designed specifically for Cloud Services.
Our ISO 27017 Consultants are knowledgeable in the whole ISO 27000 family of Information Security Standards, and can help you extend your management system to ensure you have the tools to effectively manage risks using a full range of controls.
ISO 27001 and ISO 27017
The most effective way to implement the ISO 27017 Information Security Controls for Cloud Services is to apply them to an extended ISO 27001 Information Security Management System.
ISO 27001 sets out minimum requirements and includes 114 Controls; however, many organisations also use the additional guidance from ISO 27002 to extend the controls. ISO 27017 extends some of these controls even further to make them more applicable to cloud services.
7 New Cloud Controls
In addition to the extended controls, there are seven new areas to address:
- Responsibilities Between Cloud Service Provider and the Cloud Customer.
- Removal and Return of Assets on Termination.
- Protection and Separation of the Customer’s environment.
- Virtual Machine Configuration.
- Administrative operations and procedures.
- Activity Monitoring.
- Alignment of Virtual and Cloud Environments.
Our ISO 27017 Consultants can help you understand and apply these controls as appropriate to your organisation, managing the risks of using cloud services.
Many individuals and organisations use cloud services on a daily basis, and their popularity continues to grow due to the many benefits they bring.
However, this business model is still relatively new and continues to evolve through SaaS, PaaS and IaaS.
ISO 27017 provides explicit guidance on the responsibilities of both the cloud service provider and the cloud customer, bringing much-needed clarity throughout the cloud models.
ISO 27017 Certification
While ISO 27017 Certification is not common, and there is currently no UKAS accredited scheme, some respected certification bodies will include the ISO 27017 Cloud Services Controls within the scope of an ISO 27001 Management System.
Our ISO 27017 Consultants can guide you through the process of defining an appropriate management system scope and attaining an independent and impartial audit of these extended controls.
Benefits of ISO 27017
- Clear differentiator from competitors,
- Protect & Improve your reputation,
- Demonstrate commitment to Information Security,
- Better management of cloud service risks,
- Comprehensive risk management programme,
- Established framework ready for growth.
ISO 27002 provides extended guidance on the 114 controls within ISO 27001.
ISO 27018 provides specific guidance and controls for Personally Identifiable Information (PII) in Public Clouds.