What is ISO 27017?

ISO 27017 is a security standard developed for cloud service providers (CSP) and customers (CSC) to make a more secure cloud-based environment by implementing controls to reduce the risk of security and cyber threats.

The ISO 27017 certification is based on the code of practice for information security controls for ISO 27002 but focuses on cloud services. The standard introduces 7 new controls and enhancements to 38 existing security controls from ISO 27001 and ISO 27002 and gives guidance for both Cloud Service Providers (CSP) and Cloud Service Customers (CSC).

As a new standard, ISO 27017 reflects the continually changing landscape of IT and the security controls to be implemented to ensure that information and systems remain secure from growing security and cyber threats. This is why obtaining an ISO 27017 certification is vital in keeping you, your clients, and your customers’ data secure on cloud services.

Benefits of an ISO 27017 certification

  • It will help to define the responsibilities between the cloud service provider and the cloud customer
  • Helps to manage the removal or return of assets when a contract is terminated
  • Ensures the protection and separation of the customer’s virtual environment
  • Provides virtual machine configuration and administrative operations and procedures associated with the cloud environment
  • Provides cloud customer monitoring of activity within the cloud
  • Alignment of virtual and cloud network environment
  • Provides Cloud Service Customers with practical information on what to expect from Cloud Service Providers
  • Aligns with ISO 27001 Annex A controls and ISO 27002

How can ISO 27017 Certification help win more Tenders?

In a variety of industries, ISO 27017 certification is now a very common demand during the PQQ (Pre-Qualifying Questionnaire) stage of the tendering process.

It can be challenging to successfully structure, format, and communicate in your tendering application document how your company controls and safeguards it’s cloud-based environment.

Achieving ISO 27017 Certification means your business will now have a well-documented management system that has been implemented and executed. Having these policies and procedures in place now means that the majority of the responses to tendering questions will be easily accessible.

How we can help

Blackmores specialise in helping you to implement and maintain your ISO 27017 Information Security Management System across London, Hertfordshire and Bedfordshire, and UK-wide. We can also assist with international locations, having experience of working in 27 other countries.

Conduct an ISO 27017 Gap Analysis – To help establish your strengths and weaknesses.

ISO 27017 isologists® – We have a skilled team of consultants to help you implement a Management System. From London to the UAE, we have experience working internationally across many sectors.

Internal Audits – We can help you to plan and conduct Internal Audits to verify your compliance with ISO 27017.

On-Site Support – We can provide support during External Audits carried out by Certification Bodies.

Request a quote for Certification – We can send a request for a quote to 3 UKAS-certified Certification Bodies on your behalf. This is done free of charge on request.

Need assistance with ISO 27017, simply Contact Us.

We also have a podcast short podcast summarising ISO 27017 available to watch Here.

ISO 27017 Videos

ISO Download

Download the ISO Standards Blueprint

A step-by-step checklist for getting ISO certified

What our clients have to say

The support and advise I get from our assigned auditors is immense. Forward planning for the following year is great and they are flexible and always willing to help.

Kalil Vandi

“Blackmores have assisted us almost since the start of our adoption of the ISO 9001 quality standard. Their input has improved our processes since the start, and enabled our goal of continuous improvement to be achieved. The people are also extremely easy to get on with, and they really understand our business, giving us a great deal of confidence in their advice.”

David Gibson

Photon Lines Ltd

“Blackmores are the perfect bridge between working on your ISO as an individual or company, to being audited each year.  We find that any queries we have are covered and we feel sure that we have everything as needs be before going into an external audit.”

Mandy Welsby

Jaama Ltd

“We have been extremely impressed with the service and support provided by Blackmores.  There knowledge and assistance through out our ISO journey has been amazing!”

Philip Hannabuss

Dome Consulting

“Blackmores have really kept us on our toes with the broad scope and level of detail they apply to our internal audit schedule. They always stay abreast of ISO standard changes and help us to adapt our processes and documents to embrace these changes accordingly. Having Blackmores shadow our external audits provides invaluable confidence and peace of mind – would highly recommend their services!”

Phil Geens

Kingsley Napley

“Our ISO 27001 certification project has gone so well, that there was no doubt in who we were going to ask to help us with our aspirations of becoming ISO 14001 certified. It’s been an absolute pleasure working with Blackmores, and we are really looking forward to working with them for the foreseeable future.”


Our 7 Steps to Success

The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.

Whether you choose to work with one of our isologist consultants or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!