ISO 27017 CLOUD SECURITY CERTIFICATION

In the contemporary, technology-driven landscape, cloud computing applications and platform solutions play a pivotal role in the operations of most organisations. As organisations increasingly embrace the cloud, ensuring the security of information stored in this dynamic environment becomes paramount.





What is ISO 27017?

The official name of ISO/IEC 27017 is Code of practice for information security controls based on ISO/IEC 27002 for cloud services. ISO 27017 serves as a comprehensive framework, offering guidelines and protocols specifically designed to fortify the security of information residing in the cloud. This internationally recognised standard establishes critical processes and procedures, ensuring the robust protection of data in the cloud environment.

Key Features of ISO 27017
1. Tailored Security Controls: ISO 27017 provides tailored security controls that address the unique challenges posed by cloud computing. It goes beyond conventional approaches, offering a nuanced set of measures for enhanced cloud security.

2. Shared Responsibility Clarity: The standard brings clarity to the shared responsibilities of both cloud service providers and their customers. By delineating roles and expectations, ISO 27017 ensures a collaborative approach to securing information in the cloud.


3. Active Monitoring: Recognising the dynamic nature of cloud services, ISO 27017 introduces controls for active monitoring of cloud activities. This proactive approach helps identify and mitigate potential security risks in real time.


4. Integration with ISO 27002 and ISO 27001: ISO 27017 is designed to be used in conjunction with ISO 27001 and ISO 27002, providing organisations with specific guidance when adopting cloud services while maintaining an effective Information Security Management System (ISMS).


Think of ISO 27017 as an extension of ISO 27002, which provides additional guidance on information security controls specific to cloud computing environments.


Meanwhile, the same controls are contained in the current ISO 27001:2022 and ISO 27002:2022. Hence, being in compliance with ISO 27001 makes it easier to be in compliance with 27017.


Who is responsible for cloud security?

Despite the growing significance of cloud services, concerns persist regarding the security of both cloud service providers (CSPs) and their customers. A common source of confusion revolves around determining responsibility for safeguarding information stored in the cloud.


In reality, the onus of ensuring security lies on both parties involved. The CSP's role is to minimise the risk of information security breaches within the cloud, while the cloud service customer (CSC) is responsible for implementing organisational information security controls and processes.


Certification under ISO 27017, offered by Smartcomply, elucidates the responsibilities of both parties, aiming to establish cloud services as secure and reliable as the rest of an organisation's information infrastructure.


Smartcomply’s ISO 27017 certification services extend beyond the traditional ISO 27001 focus. This comprehensive portfolio includes a statement of verification for other pertinent information security standards, such as ISO 27032, and a certification of compliance with ISO 27001.


Why choose Smartcomply?

As the leading automated and AI-powered compliance platform in Africa, Smartcomply boasts a comprehensive scope covering certification and assessment services across various industries.


This assures clients of Smartcomply's information security expertise, irrespective of their industry. Smartcomply's automated and AI-powered technical expertise ensures that organisations are paired with assessors who possess industry-specific knowledge.


This tailored approach facilitates thorough, value-added assessments. Smartcomply goes beyond certification, offering practical recommendations to enhance an organisation's ability to safeguard information stored in the cloud. 


Get started on Smartcomply for ISO 27017 certification to demonstrate your organisation's commitment to securing information in the cloud.


Follow our blogs here and here to read more updates from us.

Feel free to follow us across our social media platforms to learn more from us: Facebook, LinkedIn, Twitter and Instagram.

Speak to our customer care representative; 08133262024
