ISO/IEC 27017

Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services

Used with ISO/IEC 27001 series  of standards, ISO/IEC 27017 provides enhanced controls for cloud service providers and cloud service customers. Unlike many other technology-related standards ISO/IEC 27017 clarifies both party’s roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system.

The standard provides cloud-based guidance on 37 of the controls in ISO/IEC 27002 but also features seven new  cloud controls that address the following:

  • Who is responsible for what between the cloud service provider and the cloud customer
  • The removal/return of assets when a contract is terminated
  • Protection and separation  of the customer’s virtual environment
  • Virtual machine configuration
  • Administrative operations and procedures associated with the cloud environment
  • Cloud customer monitoring of activity within the cloud
  • Virtual  and cloud network environment alignment

If you work for a cloud service provider or are looking to move your business to the cloud, our ISO 27017 Overview can help you understand the key areas of the standard, more about the 7 new controls and how organizations can benefit from

How will a cloud service provider benefit from ISO/IEC 27017 certification?

  • Inspires trust in your business  – provides greater reassurance to your customers and stakeholders that data and information is protected.
  • Competitive advantage – demonstrates robust controls are in place to protect data
  • Protects your brand reputation – reduces the risk of adverse publicity due to data breaches.
  • Protects against fines – ensures that local regulations are complied with reducing the risk of fines for data breaches.
  • Helps grow your business – provides common guidelines across different countries making it easier to do business globally and gain access as a preferred supplier.

How will cloud service customers benefit from ISO/IEC 27017 training?

ISO/IEC 27017 is a unique technology standard in that it provides requirements for the customer as well as the cloud service provider.  IT Managers and other technical staff responsible for moving organizations to the cloud or expanding a cloud service engagement can reduce risks to their business by ensuring they understand their responsibilities and make more insightful decisions around their choice of provider(s).

Where are you on your ISO/IEC 27017 certification journey?

Whether you’re new to ISO/IEC 27017 or looking to take your expertise further, we have the right training courses and resources. We offer packages that can be customized to your business to get you started with information security management. An ISO/IEC 27017 package can be designed to remove the complexity of getting you where you want to be – whatever your starting point.

Why choose BSI?

We pioneered standards more than 100 years ago and today we’re the market leader. We help over 80,000 organizations ranging from top global brands to small ambitious businesses in 172 countries worldwide to gain an edge over their competition. As one of the few organizations that understands standards from start to end, we don’t only assess how well you’re meeting them, we create new standards from scratch and train teams globally to use them and perform better. Our knowledge can transform your organization.