ISO 27017 Code of practice for Cloud Services

What is ISO 27017?

ISO/IEC 27017 is a security standard developed for cloud service providers (CSP) and customers (CSC) to make a more secure cloud-based environment by implementing controls to reduce the risk of a security and cyber threats.

 It’s based on the code of practice for information security controls for in ISO 27002 but focuses on cloud services. The standard introduces 7 new controls and enhancements to 38 existing security controls from ISO 27001 and ISO 27002 and gives guidance for both Cloud Service Providers (CSP) and Cloud Service Customers (CSC).

As a new standard, it reflects the continually changing landscape of IT and the security controls to be implemented to ensure that information and systems remain secure from the growing security and cyber threats.

Benefits from implementing the standard

  • It will help to define the responsibilities between the cloud service provider and the cloud customer
  • Helps to manage the removal or return of assets when a contract is terminated
  • Ensures the protection and separation of the customer’s virtual environment
  • Provides virtual machine configuration and administrative operations and procedures associated with the cloud environment
  • Provides cloud customer monitoring of activity within the cloud
  • Alignment of virtual and cloud network environment
  • Provides Cloud Service Customers with practical information on what to expect from Cloud Service Providers
  • Aligns with ISO 27001 Annex A controls and ISO 27002

How we can help:

Blackmores specialise in helping you to implement and maintain your ISO 27017 Information Security Management System across London, Hertfordshire and Bedfordshire, and UK wide. We can also assist with International locations, having experience of working in 27 other countries.

Conduct an ISO 27017 Gap Analysis – To help establish your strengths and weaknesses.

ISO 27017 Consultant – We have a skilled team of consultants to help you implement a Management System. From London to the UAE, we have experience working internationally across many sectors.

Internal Audits – We can help you to plan and conduct Internal Audits to verify your compliance with ISO 27017.

On-Site support – We can provide support during External Audits carried out by Certification Bodies.

Request a quote for Certification – We can send a request for quote to 3 UKAS certified Certification Bodies on your behalf. This is done free of charge on request.

Need assistance with ISO 27017, simply Contact Us.

We also have a podcast short podcast summarising ISO 27017 available to watch Here.

Get Supported >

Want more info on ISO 27017 Code of practice for Cloud Services?