Benefits of ISO 27017 certificate?

Why get an ISO 27017 certificate?

 

ISO/IEC 27017 is a set of information security frameworks for organizations that use (or are considering to use) cloud services. Cloud service providers need to comply with this standard because it provides a consistent and comprehensive approach for their cloud service customers (and others) to ensure their information security.

​

ISO 27017 is part of the ISO/IEC 27000 family of standards and provides best practice guidance for information security management. Derived from ISO/IEC 27002, the standard complements the cloud security control measures, which have not been fully specified in ISO/IEC 27002 yet. Guidance for the further implementation of the additional and related control measures in ISO/IEC 27002, including the particular rules for using cloud services.

​

This international standard provides guidance for cloud service customers to adopt the new control measures and also for cloud service providers to facilitate the implementation. This information security framework defines the consistency of security management for cloud computing, virtual and physical networks.

​

ISO 27017 takes all necessary security precautions, risk-based online security analysis, and extends them directly to the cloud security, making information security control measures applicable to this framework.

​

If your customers were highly dependent on cloud services, ISO27017 could help and make up a deficiency of ISO27001. The standard control measures particularly include the following matters.

• Solve the relationship between cloud service provider and customer

• Solve the problems of both removal and return of assets after contract termination.

• Protect and isolate customers’ virtual environment, virtual machine configuration, and the operations and procedures in the cloud environment, allowing customers to monitor related activities.

• Enable cloud customers to monitor cloud service activities.