Contact

What are you looking for?

ISO/IEC 27017 Certification – Information Security for Cloud Services

Demonstrate your commitment to providing secure cloud services with an audit against the ISO/IEC 27017 standard.

In today’s interconnected world, information security is paramount. Building upon your ISO/IEC 27001 certification, ISO/IEC 27017 helps to protect information security by providing guidelines for ensuring the security of cloud services. The standard is based on ISO/IEC 27002, which sets out a code of practice for information security control.

ISO/IEC 27017 outlines cloud service provider (CSP) and customers’ responsibilities. It sets out both parties’ roles and responsibilities towards making cloud services as secure as other data within a certified information security management system (ISMS).

It also provides cloud-related guidance on several ISO/IEC 27002 controls, as well as some new cloud-related controls that address:

  1. CSP and customer responsibilities
  2. Removing/returning assets when a contract terminates
  3. Protecting and separating the customer’s virtual environment
  4. Virtual machine configuration
  5. Cloud environment administrations and procedures
  6. Monitoring customer activity within the cloud
  7. Virtual and cloud network environment alignment

Achieving ISO/IEC 27017 certification will enable you to demonstrate your commitment to cloud security and to ensuring robust data protection controls.

Long-term benefits of certification include:

  • Protection against fines and penalties
  • Increased confidence in your business
  • Competitive advantage
  • Increased potential for business growth

What is the ISO/IEC 27017 certification process?

There are seven steps to the process:

  1. Application and quote
  2. Competence analysis – identify gaps in skills and competence at the outset
  3. Gap assessment – identify any weaknesses before the formal audit
  4. Stage 1 audit – confirmation that implementation is on track
  5. Stage 2 audit – confirmation that implementation is complete
  6. Certification – share your success
  7. Ongoing improvement – regular surveillance visits

Aligning with the UN Sustainable Development Goals (SDGs)

ISO/IEC 27017 contributes to UN Sustainable Development Goals eight and nine.

How can SGS help?

We have extensive expertise in IT security techniques and cloud security. We can help you along the path to certification with an ISO/IEC 27017 certification audit, which includes a gap assessment and benchmarking.

An ISO/IEC 27017 certification audit can be done with the organization’s ISO/IEC 27001 certification audit or after a successful ISO/IEC 27001 audit.

Contact us to learn more about ISO/IEC 27017 certification audits.

Related Services

More Services

News & Insights

  • SGS Lanka (Pvt) Ltd.,

3rd Floor, AEC Building,

140 Vauxhall Street, 02,

Colombo,

Sri Lanka