ISO 27017:2015 – Cloud Data Protection

ISO 27017

What is ISO 27017?

This standard is part of the ISO 27000 series of standards for Information Security. ISO 27017:2015 is based on ISO 27002 and adapts it for cloud services. The standard provides procedures specifically around cloud computing and is used by organisations that use cloud services and by cloud service providers. As this is a risk assessment standard, the selection of controls and measures can depend on any legal, contractual, regulatory or other cloud-sector specific information security requirements.

Benefits of ISO 27017?

• Can be easily included into your ISO 27001 management system
• Clarifies the roles and responsibilities for both service providers and users
• Implements controls on cloud computing to allow continuity and growth of your business
• Reduces risk and provides a competitive advantage over your competition
• Provides a framework to demonstrate GDPR Compliance

Why do you need ISO 27017 Certification?

Unlike ISO 27001, you cannot be certified to ISO 27017 on its own. This standard is used as an add-on to ISO 27001. Since GDPR has come into force, we now see organisations implementing both ISO 27001 and ISO 27017 in an effort to demonstrate GDPR compliance across all areas of the legislation.

For cloud providers, ensuring the safety of consumer information is the number one priority.
In light of recent breaches that have compromised user data, receiving certification through an international standard provides an organisation with globally accepted security controls. It also demonstrates to the cloud provider’s customers the importance the provider places on protecting consumer data. This provides a unique marketing advantage to firms that are able to tout their ability to confidently secure customer information.

While some organisations seek certification to conform to their unique regulatory needs or the needs of their clients, other organisations should consider ISO 27017 or ISO 27018 in order to minimize both the risk inherent to cloud-services organisations and the potential cost of a breach. Adhering to the rigid guidelines of ISO 27017 and 27018 allows your organisation to operate with confidence and build a reputation of trust with your clients.

ISO 27017 Certification Process:

  • One day certification audit
  • Certification review & decision
  • Updated ISO 27001 cert reflecting the client is now certified to ISO 27001 + 27017

*Certification Review & Decision includes: granting, refusing, maintaining, renewing, suspending, restoring or withdrawing certification, or expanding or reducing the scope of the certification.


Contact our team today to receive a free no-obligation competitive quotation from our dedicated business development team. We will devise a comprehensive quote which will be agreed in line with your requirements.

Certification EU

Block 20A, Beckett Way
Parkwest Business Park
Dublin 12
D12 P8R2


Telephone: +353 1 642 9300