Organisations seeking to approach Cloud Security in a structured and reliable manner can benefit greatly from the ISO/IEC 27017 guidelines for Cloud Security. ISO/IEC 27017 is a standard developed for cloud service providers and users for securing the cloud-based environment and minimising potential risk of a security incident.
ISO/IEC 27017 is designed to assist in the recommendation and implementation of controls for cloud-based organisations. This is not only relevant to organisations which store information in the cloud, but also for providers which offer cloud-based services to other companies who may have sensitive information. This standard is built upon the ISO 27002 standard, but allows for specific controls to be added for the needs of cloud organisations and their end-users.
The assessment is normally structured in tailor-made steps of verification. The output of this verification process can be made available both internally within the company and publicly. The organisation may also choose to define a boundary for assessment in relation to the core issues of the standard, focusing on the ones that are most crucial to the organisation itself and their business practices.
Cloud data security is vital, as clients will want to be sure that their data is safe while stored in the cloud. The ISO/IEC 27017 standard allows the organisation to commit to a long-term goal. The organisation will have an internationally standardised framework on which to base its Cloud Security. Upon the internalisation of the requirements needed, the organisation will be able to reduce operational and reputational risks and work towards a sustainable future. The standard extensively covers topics such as asset ownership, recovery action if the CSP is dissolved, disposal of assets containing sensitive information, segregation and storage of data, and alignment of security management for virtual and physical networks, among others.
As an internationally accredited Certification Body, we provide the expertise and experience to assess your organisation against the requirements of ISO/IEC 27017. We assess the gap between the company’s declaration on cloud security and its implementation. We identify areas of concern and opportunities for the company’s cloud security strategy and provide support in identifying a core business strategy linked to cloud security. TÜV SÜD, with a tailor-made assessment tool, can measure a programme’s performance and identify improvements and risks linked to an organisation’s business strategy.
FOUR STEPS TO CERTIFICATION
Step 1: Get in touch with us to receive a customised quote, including detailed costs, planning and time required
Step 2: We conduct an in-depth assessment
Step 3: The report is released to you
Step 4: Issuance of ISO/IEC 27017 certification
Our global experts are well-equipped to provide tailor-made assessments of Information Security Management Systems and Cloud Security based on international standards such as ISO/IEC 27001 and ISO/IEC 27017. The assessment process will help the organisation gain insights from an external party. We are vendor agnostic; hence, we provide impartial and independent assessment. The impartiality and expert point of view offered will help shape the strategy and maintain consistency of the cloud security programme. It will also help identify risks linked to specific areas such as supply chain management, which has ties to information security.
Our auditors are qualified and certified for multiple standards; hence, clients can opt for a combined audit for multiple standards in the same audit schedule. Through our worldwide network of professionals, we can provide ISO/IEC 27017 services globally.
TÜV SÜD is a premium quality, safety and sustainability solutions provider that specialises in testing, inspection, auditing, certification, training and knowledge services. Represented in over 1,000 locations worldwide, we hold accreditations in Europe, the Americas, the Middle East and Asia. By delivering objective solutions to our customers, we add tangible value to businesses, consumers and the environment.
TÜV SÜD provides the following related management system certification services:
- ISO/IEC 27001 – Information security
- ISO/IEC 20000-1 – Information technology
- ISO 22301 – Business continuity management
- ISO/IEC 27018 – Cloud privacy