ISO/IEC 27017:2015 INFORMATION TECHNOLOGY FOR CLOUD SERVICES

ISO/IEC 27017 is a security standard developed to create a more secure cloud-based environment and reduce the risk of security issues for cloud service providers and users. It is part of the ISO/IEC 27000 family of standards. This standard was created from ISO/IEC 27002 and recommends additional security controls for the cloud that are not fully defined in ISO/IEC 27002.

ISO/IEC 27017 provides guidelines that support the implementation of information security controls, both for cloud service customers who implement the controls and for cloud service providers who support that implementation. Which controls are selected, and how the implementation guidance is applied, will depend on a risk assessment and on any legal, contractual, regulatory or other cloud-industry-specific information security requirements.

What does the standard provide?

Based on the internationally recognized ISO/IEC 27001 standard for information security, ISO/IEC 27017 provides additional guidance on cloud computing applications and platform solutions. Therefore, ISO/IEC 27001 certification is a prerequisite for the extension of ISO/IEC 27017 certification.

Many companies now rely on cloud services for external storage, data transfer or software reserve. Therefore, it has become much more important to protect data stored in the cloud, especially during transmission.

How will a cloud service provider benefit from ISO/IEC 27017 certification?
  • Gives confidence to your business – gives your customers and stakeholders more assurance that data and information are protected.
  • Competitive advantage – demonstrates that robust controls are in place to protect data.
  • Protects your brand reputation – reduces the risk of negative publicity from data breaches.
  • Protects against fines – ensures compliance with local regulations to reduce the risk of fines for data breaches.
  • Helps your business grow – makes it easier to do business in different countries and to gain access as a preferred supplier.

By implementing the additional controls in ISO/IEC 27017 and being evaluated externally by CFECERT, your organization reduces the risk of an information security breach and is able to comply with local regulations.

You not only protect your organization from becoming a victim of cybercrime and from large fines, but also protect your brand reputation, because the risk of negative publicity is reduced.

To obtain ISO/IEC 27001, ISO/IEC 27002 or ISO/IEC 27017 certification, contact us at info@cfecert.co.uk for more details.

 

GDPR

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. This regulation will replace the EU Data Protection Directive.
