ISO/IEC 27017

Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services

Used with the ISO/IEC 27001 series of standards, ISO/IEC 27017 provides enhanced controls for cloud service providers and cloud service customers. Unlike many other technology-related standards, ISO/IEC 27017 clarifies both parties' roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system.

The standard provides cloud-based guidance on 37 of the controls in ISO/IEC 27002 but also features seven new cloud controls that address the following:

  • Who is responsible for what between the cloud service provider and the cloud customer
  • The removal/return of assets when a contract is terminated
  • Protection and separation of the customer’s virtual environment
  • Virtual machine configuration
  • Administrative operations and procedures associated with the cloud environment
  • Cloud customer monitoring of activity within the cloud
  • Virtual and cloud network environment alignment

If you work for a cloud service provider or are looking to move your business to the cloud, our ISO 27017 Overview can help you understand the key areas of the standard, learn more about the 7 new controls, and see how organizations can benefit from it.


How will a cloud service provider benefit from ISO/IEC 27017 certification?

  • Inspires trust in your business – provides greater reassurance to your customers and stakeholders that data and information is protected.
  • Competitive advantage – demonstrates robust controls are in place to protect data.
  • Protects your brand reputation – reduces the risk of adverse publicity due to data breaches.
  • Protects against fines – ensures that local regulations are complied with, reducing the risk of fines for data breaches.
  • Helps grow your business – provides common guidelines across different countries making it easier to do business globally and gain access as a preferred supplier.

How will cloud service customers benefit from ISO/IEC 27017 training?

ISO/IEC 27017 is a unique technology standard in that it provides requirements for the customer as well as the cloud service provider. IT Managers and other technical staff responsible for moving organizations to the cloud or expanding a cloud service engagement can reduce risks to their business by ensuring they understand their responsibilities and by making more insightful decisions around their choice of provider(s).


Where are you on your ISO/IEC 27017 certification journey?

Whether you’re new to ISO/IEC 27017 or looking to take your expertise further, we have the right training courses and resources. We offer packages that can be customized to your business to get you started with information security management. An ISO/IEC 27017 package can be designed to remove the complexity of getting you where you want to be – whatever your starting point.


Why choose BSI?

One Company, One Solution. By packaging assessment, training and a management system toolset, BSI delivers a business improvement solution that combines it all in a comprehensive service offering and allows us to provide an integrated approach to meet the needs of an organization and embed excellence across the business. BSI presents a one-stop value proposition from the decision to improve systems through to registration and continual improvement. From start to finish, BSI helps turn complexity into simplicity.