ISO/IEC 27017:2015
What is ISO 27017?
ISO/IEC 27017:2015 is an information security code of practice for cloud services. As an extension to ISO/IEC 27001:2013 and ISO/IEC 27002, it provides additional security controls for cloud service providers and customers. ISO 27017 gives guidance on 33 ISO/IEC 27002 controls and provides some additional controls, such as:
- How roles and responsibilities are shared between cloud service providers and customers
- How cloud service customers' assets are removed and returned when a contract has terminated
- How virtual computing environments are segregated
- How virtual machines are securely hardened
- How critical operational procedures are documented
- How cloud service customers are allowed and able to monitor activities within the cloud
ISO 27017 can help you with:
- Customer trust
- Brand reputation
- Competitive advantage
- Data breaches
- Continued confidentiality
- Meet compliance
- Risk management
- Improved security
- Procurement
The standard provides guidance with 37 cloud controls based on ISO/IEC 27002, but also offers seven new cloud controls that address the following points:
- Who’s responsible for what between the cloud service provider and the cloud customer.
- The removal/return of assets when a contract is terminated.
- Protection and separation of the customer’s virtual environment.
- Virtual machine configuration.
- Administrative operations and procedures associated with the cloud environment, letting customers monitor relevant activities.
- Cloud customer monitoring of activity within the cloud.
- Virtual and cloud network environment alignment.
BENEFITS
ISO/IEC 27017 is a globally recognized framework that, when implemented, will effectively reduce the likelihood of data breaches and increase customer trust by demonstrating your commitment to information security techniques. As a cloud service provider or a cloud service user, it is vital to show your organization is doing everything possible to minimize the risks posed by data breaches. It ensures that local regulations are complied with, reducing the risk of sanctions/fines for data breaches.
Helping your business grow: Creating more confidence in the business, maintaining brand reputation, and developing a competitive advantage for the company.
Show your customers and business partners, with an ISO 27017 certificate, that information security is a priority for you.
Would you like to learn more about information security management certification? Feel free to contact us!
HOW KOMPLEYE CAN HELP
With in-depth industry knowledge and extensive experience in the field of Cybersecurity Maturity Models like HITRUST-CSF, CSA Star Attestation, and Cybersecurity Frameworks (i.e. ISO 27001-2013, NIST 800-171), we aim to offer the finest quality of services to your organization. With a team of healthcare specialists who have extensive experience, we can make for a seamless and streamlined assessment process offering the most appropriate recommendations based on the imminent needs of your firm and operations. Simply get in touch with us for a 1-hour free consultation with an ISO certification process Partner. You will also get all relevant information regarding the ISO certification process. Simply contact us at info@kompleye.com or call +1(703) -814-0119.
NEED EXPERT SERVICES?
Kompleye is one of the best Cybersecurity and Compliance Audit organizations in the United States. Get your ISO certification done by highly experienced consultants in the United States.