ISO 27017 Information Security Controls for Cloud Services

 

Information Security in Cloud Environments

ISO/IEC 27017 is an information security implementation standard developed specifically for cloud service providers and their customers. Building on ISO 27001, this standard aims to manage the risks specific to the cloud computing environment and ensure security in a more comprehensive manner.

Purpose of ISO 27017 Standard

ISO 27017 provides detailed guidance on how information security controls should be implemented according to the roles of both cloud service providers and cloud service customers. It ensures that a secure structure is established in the cloud infrastructure, based on the principles of data privacy, access control, transparency and responsibility.

Benefits of ISO 27017

  • Cloud-Specific Security Controls: Provides guidance for 7 new controls and 37 controls in addition to ISO 27001.
  • Clarity for Service Provider and Customer Relationships: The security responsibilities of the parties are clearly defined.
  • Data Security and Privacy: Data integrity and access security are protected in shared environments.
  • Legal and Regulatory Compliance: Supports compliance processes with GDPR and similar regulations.
  • Market Confidence and Competitive Advantage: You become a preferred business partner by certifying that you offer a secure cloud service.

Finance and Technology Orientated Applications

In highly regulated sectors such as financial institutions, payment service providers, healthcare and infrastructure, the ISO 22301 standard is of great importance in managing operational risks and ensuring regulatory compliance. EBA is one of the building blocks of compliance with DORA and similar regulations.

 

Who is it suitable for?

  • Cloud service providers (IaaS, PaaS, SaaS)
  • Companies using cloud-based services
  • Data centre operators
  • Software companies and technology start-ups
  • Sensitive data processing sectors such as banking, healthcare, finance and government

 

Why CFE CERT?

  • Integrated audit experience with ISO 27001 infrastructure
  • Auditors with technical expertise in cloud security
  • Customised control set applications for SaaS and IaaS companies
  • Internationally valid certification with IAS accreditation
  • Audit and certification experience in 25+ countries

Certification Process

At CFE CERT, we offer ISO 27017 certification services backed by our international experience. The certification process includes the following steps:

  1. Pre-Audit (Optional) – Cloud-specific assessment of existing ISO 27001 infrastructure
  2. Certification Audit – Phase 1 – Documentation, security policies and customer-vendor responsibilities are examined
  3. Certification Audit – Phase 2 – The effectiveness of the cloud controls as applied is audited on site
  4. Certification – A certificate of ISO/IEC 27017 conformity is issued to the organisation
  5. Surveillance Audits – Monitoring is carried out annually to ensure system sustainability
  6. Recertification – Every 3 years the integrity of the system is re-assessed

Certification Process

At any stage, whether initial, surveillance or transfer, you can have your audit carried out by CFE Certification. You can access the steps of the certification process on our Certification Process Page.

Are You Ready for ISO 27017 Certification?

Secure your cloud services and offer transparency and trust to your customers. Contact us for the internationally recognised ISO 27017 certification process.

Manage Cloud Security with High Competence

Take a look at our training courses, which will increase your competence to manage your organisation’s Cloud Security Management Processes more effectively.

ISO 27017 Lead Auditor Trainings

ISO 27017 Internal Auditor Trainings

ISO 27017 Lead Implementer Trainings

Accreditation

We provide ISO 27017 Cloud Security Management certification services backed by our international experience.