ISO 27017:2015

Safeguard your cloud services through robust information security controls
  • Features and Benefits
  • Applicability
  • Consulting Methodology

The primary features of ISO/IEC 27017:2015 are summarised in the points below:

ISO/IEC 27017 is a security standard developed for cloud service providers and cloud service customers to make cloud-based environments safer and to reduce the risk of security incidents. It is part of the ISO/IEC 27000 family of standards, which provides best-practice recommendations on information security management. It builds on ISO/IEC 27002, adding cloud-specific implementation guidance for existing controls and a small set of additional controls that ISO/IEC 27002 does not fully address.

This International Standard provides guidelines supporting the implementation of information security controls for cloud service customers, who implement the controls, and for cloud service providers, who support the customers' implementation of those controls. The selection of appropriate controls and the application of the implementation guidance depend on a risk assessment and on any legal, contractual, regulatory or other cloud-sector-specific information security requirements.

The standard adds seven cloud-specific controls, which address the following:

  • Shared roles and responsibilities: who is responsible for what between the cloud service provider and the cloud service customer.
  • The removal or return of the customer's assets at the end of a contract.
  • Protection and segregation of the customer's virtual computing environment from other tenants.
  • Virtual machine hardening and configuration.
  • Operational security for administrators of the cloud environment, including procedures for privileged operations.
  • Monitoring of cloud services, so that the cloud service customer can observe activity affecting its data and services.
  • Alignment of security management for virtual networks with that of the underlying physical networks.

Any organisation which provides cloud-based services can benefit from ISO/IEC 27017 certification – from online email providers and document management platforms to cloud-based apps and tools. It demonstrates to customers that you follow internationally recognised cloud security guidance and have processes in place to manage security incidents. Note that ISO/IEC 27017 is a code of practice rather than a standalone management-system standard: certification bodies assess it as an extension of an ISO/IEC 27001 information security management system, with the ISO/IEC 27017 controls included in the scope.

If your organisation provides cloud services, your customers will want assurance that their data, documents, messages and activity are protected. They will also want evidence that they can retrieve and move their data whenever they wish. The ISO/IEC 27017 cloud standard gives them that confidence.
Becoming ISO/IEC 27017 certified provides multiple benefits:

  • Reduces operational risk 
    By adhering to the ISO/IEC 27017 guidelines you can systematically identify cloud-specific vulnerabilities, reduce the likelihood and impact of data breaches, and lower the exposure to regulatory fines and penalties.
  • Win market trust 
    An independent third-party assessment demonstrates your commitment to global information security practices. Stakeholder confidence is a competitive advantage, as potential investors and customers identify you as a responsible partner.
  • Define and clarify responsibilities
    ISO/IEC 27017 clearly outlines the relationship, roles, rights and responsibilities between cloud service customers and cloud service providers, which helps you become a preferred cloud service provider and expand your business globally.

Ever more businesses offer cloud-based services to customers, so purchasing departments increasingly demand evidence that data stored on those cloud servers is safe. ISO/IEC 27017 is a set of guidelines for safeguarding cloud-based environments and minimising the risk of security incidents.

Concept Building Training

Training for the client team on the conceptual requirements of the standard, explaining the key triggers that create the need for implementation

Gap Analysis Report of IT Infrastructure & Configuration

Our domain expert team assesses the existing IT infrastructure, covering networking and data security controls for information security, privacy and business continuity, and provides a detailed report of gaps and possible solutions

Articulating the Documented Management System

Development of a customised management system, including policies, system manuals, system procedures, risk assessment frameworks, security control SOPs/policies and templates

Conducting Risk / Privacy Assessment

Advisory and handholding support to the client for completing risk assessments, applying controls and publishing the residual risk inventory to top management

Implementation Training

One-to-one sessions with the key implementation team on the documented management system and its implementation tactics

Implementation Handholding

Consulting support to resolve routine queries and ensure effective implementation of the requirements

Internal Auditor Training

Detailed understanding of the clause requirements and audit techniques, with case studies and an exam

Conducting the Internal Audit

The consulting team and the client's trained internal auditors perform an internal audit covering all requirements and issue the audit report

Closure of Audit Findings

Assistance and handholding support to the client to close the internal audit findings and get ready for the certification assessment

Face the Certification Audit

An accredited certification body conducts the final assessment and issues an audit report

Issuance of Certificate by Certification Body

Upon final closure of the audit findings, the client receives the certificate

Consulting Support for Subsequent Surveillance & Recertification Audit

As part of our long-term client relationship, we extend consulting support for all subsequent surveillance and recertification audits, partnering with our clients through their journey of growth


HEAD OFFICE
306-307, Inceptum, Opp. Hotel Planet Landmark, Off Sarkhej - Gandhinagar Highway, Bopal Road, Ambli, Ahmedabad, Gujarat

Copyright © Technocrat