ISO 27017

ISO 27017 is a code of practice which provides enhanced controls designed specifically for Cloud Services. Our ISO 27017 Consultants are knowledgeable in the whole ISO 27000 family of Information Security Standards, and can help you extend your management system to ensure you have the tools to effectively manage risks using a full range of controls.

ISO 27001 and ISO 27017

The most effective way to implement the ISO 27017 Information Security Controls for Cloud Services is to apply them to an extended ISO 27001 Information Security Management System. ISO 27001 sets out minimum requirements and includes 114 Controls; however, many organisations also use the additional guidance from ISO 27002 to extend the controls. ISO 27017 extends some of these controls even further to make them more applicable to cloud services.

Key Themes of ISO 27017

7 New Cloud Controls

In addition to the extended controls, there are seven new areas to address:

  • Responsibilities Between Cloud Service Provider and the Cloud Customer.
  • Removal and Return of Assets on Termination.
  • Protection and Separation of the Customer’s environment.
  • Virtual Machine Configuration.
  • Administrative Operations and Procedures.
  • Activity Monitoring.
  • Alignment of Virtual and Cloud Environments.

Our ISO 27017 Consultants can help you understand and apply these controls as appropriate to your organisation, managing the risks of using cloud services.

Cloud Services

Many individuals and organisations use cloud services on a daily basis, and their popularity continues to grow due to the many benefits they bring. However, this business model is still relatively new and continues to evolve through SaaS, PaaS and IaaS. ISO 27017 provides explicit guidance on the responsibilities of both the cloud service provider and the cloud customer, bringing much-needed clarity throughout the cloud models.

Benefits of ISO 27017

  • Clear differentiator from competitors,
  • Protect & Improve your reputation,
  • Demonstrate commitment to Information Security,
  • Better management of cloud service risks,
  • Comprehensive risk management programme,
  • Established framework ready for growth.