More and more organisations are turning to cloud services to help them run their businesses and store vital information. But this has opened up new security questions and created a need for more relevant security controls.
The ISO (International Organization for Standardization) has recognised this need and created an extension to its Information Security Management Standard (ISO 27001). By achieving ISO 27017, you can demonstrate that you have relevant controls in place to keep information safe within your cloud service, giving your business a competitive advantage and a stronger reputation for security.
ISO 27017 is a code of practice designed to tighten security in the cloud.
It is an extension of ISO 27001, the Standard for Information Security Management, and it was designed to provide more detail and guidance on cloud security.
It also expands on the requirements featured within ISO 27002, which lays out the specific controls for ISO 27001. ISO 27017 builds on these controls and includes ones that are more focused on cloud services. This can help you to choose the right security controls for your business and ensure you can keep your cloud secure.
ISO 27017 also has requirements for the customer. It details the responsibilities of IT teams or other clients so that they know what to look for in a cloud service. By taking this approach, the Standard aims to make cloud services as safe and secure as possible, building both customer and business confidence in the service.
Top benefits of achieving certification in ISO 27017 include:
The cost of ISO 27017 depends on whether you already have an existing ISO 27001 Information Security Management System. If you do, you can add the ISO 27017 extension to your existing Information Security Management System.
ISO 27017 is an extension of this Standard, which means it cannot be implemented as a standalone product. If you haven’t yet achieved certification in this Standard, you will therefore need to implement ISO 27001 alongside ISO 27017 in order to achieve the certification you are looking for.
To get an idea of the costs, use our free fee calculator below or get in touch with our Sales Team on 0333 344 3646.
ISO 27001 is the international Standard for Information Security Management. It develops a robust framework within your business to manage information security and risk, which will help you to comply with stringent privacy laws, such as the General Data Protection Regulation (GDPR).
ISO 27017 is an extension of this Standard. It builds on the implementation controls of ISO 27002 (a code of practice) and provides businesses with more focused controls that will help them to maintain a protected cloud service. Notably, it also lays out the responsibilities of the customer in choosing a cloud provider, which will encourage safer provision of
Becoming certified to ISO 27017 is a straightforward process, whether you are adding it to your existing ISO 27001 system or are implementing both.
If you already have ISO 27001, the process will be a little quicker as you will already have some supportive frameworks in place. However, you will still go through the same three-step process as businesses that are implementing both Standards at once.
During the process, our consultant will also identify your business and team members as information controllers, processors or both. This will depend on whether you are the person (or business) who determines the purposes for which, and the way in which, personal information is processed, or the person (or business) who processes personal information on behalf of the information controller. This early classification will remove unnecessary complexity.
A QMS Consultant will visit your Organisation to review and document your current processes and procedures, highlighting any areas that do not meet the requirements of the Standard.
Now it's time to make sure any required process or procedural changes are made, as highlighted in the Review. QMS can provide templates to assist you in doing this.
An Auditor must now visit your Organisation to check that the documented processes are being followed and that the necessary changes have been made. Once they are satisfied, you will be awarded your certification.
Once you have achieved certification, the certification cycle will commence. This is made up of surveillance and re-certification audits, one of which must take place each year, around the anniversary of your certification. These visits confirm your continued compliance with the Standard and verify the validity of your certification.
Our digital management platform, QMS Connect, means that you can take control of your management systems at any time, in any place.
Equipped with simple navigation, real-time reporting and a collection of guides and videos to help you, QMS Connect is a secure and convenient platform for uploading and amending documents, assigning tasks and accessing a helpdesk ticketing system.
It also helps you engage your teams, capturing information that can hone your business decisions for more repeat customers and better customer satisfaction.
At QMS we are constantly updating our approach and process to meet the latest changes in how ISO 27017 works.