ISO 27017

ISO 27017 is the global standard used by organisations to strengthen their current cloud data protection and cloud security services. The standard highlights the actions an organisation must take in creating new data protection measures in accordance with current ISO 27017 requirements and regulations.

Achieve ISO 27017 certification with an internationally accredited body.
Demonstrate knowledge and understanding of cloud data protection and ISO 27017 cloud security.
Highlight your organisation’s robustness in tackling broader security issues.
Win customer trust and apply for contracts requiring ISO 27017 certification.
Assure stakeholders and investors your organisation is serious about data responsibility.

What is ISO 27017?

This standard is part of the ISO 27000 standard series for practice of information security, which includes standards such as ISO 27001. ISO 27017:2015 is the current version of this international standard, based on ISO 27002 for cloud services. The standard provides procedures specifically designed for cloud computing and is used by organisations that require cloud service customers and by cloud service providers.

ISO 27017 is developed by the International Organization for Standardization and published by the ISO alongside the International Electrotechnical Commission (IEC).

As this is a risk assessment standard, selecting the controls and measures can depend on legal, contractual, regulatory or other cloud-sector specific information security requirements. Achieving ISO 27017 certification demonstrates to clients and stakeholders your organisation takes the security of data and cloud-based services seriously, enhancing customer trust and helping meet regulatory requirements such as GDPR.

For cloud providers, ensuring the safety of consumer information is a mission-critical priority.

ISO/IEC 27017:2015 provides a framework for organisations that will help to:

Provide clear additional control and implementation guidance on how to implement strong security measures for cloud-based services.
Introduce accountability for transactions between individuals using cloud service customers and the service provider.
Implement operational improvements across a broad spectrum.
Reduce the risk of security issues arising on cloud services.
Potentially strengthen other systems within their organisation relating to the broader ISO/IEC 27001 series.

what are the benefits of ISO 27017?

As more organisations move towards utilising cloud computing environments to store, process, and access data, ensuring a high level of security standard is essential. Cloud computing is the backbone of modern-day organisations, providing clients, stakeholders, and suppliers with secure on-demand access to computer processing and storage capabilities on a large scale.

For some organisations, meeting their clients’ unique regulatory needs may require certification, while others may find it beneficial to adhere to ISO/IEC 27017:2015 or ISO 27018 to mitigate the risks associated with cloud services and potential breaches. By adhering to these stringent guidelines, service providers and cloud-reliant organisations can operate with greater confidence and establish a reputation of trust with their clients.

ISO 27017 accreditation allows organisations to:

Add cloud security and cloud data protection to your ISO/IEC 27001 management system.
Clarify the roles and responsibilities for both cloud-based service providers and users.
Implement controls on cloud computing to allow continuity and growth of your business.
Reduce risk and provide a competitive advantage over your competition.
Provide a framework to demonstrate compliance to regulations such as GDPR.
Deepen data security resilience and build customer trust in IT and information systems.
Reduce costs through lower insurance premiums and potential losses from data breaches.

How to become ISO 27017 certified

Unlike ISO 27001, you cannot be certified to ISO 27017 independently. This standard is an add-on to ISO/IEC 27001. Organisations often implement both ISO 27001 and ISO 27017 to demonstrate GDPR compliance across all their data handling and processing operations.

Our ISO expert auditors conduct the certification process, and certification assessments can be completed in a single day. Once assessments have been completed, your organisation’s systems will be reviewed to ensure they meet the required legal standards. Certification Europe will issue your organisation with an official certificate if awarded with certification. An updated ISO 27001 certification can be granted, reflecting your organisation’s satisfactory standards in meeting both ISO 27001 and ISO 27017 criteria suitable for certification.

ISO 27017 certification process

One day certification audit
Certification review and decision
Updated ISO/IEC 27001 certificate reflecting the client is now certified to ISO 27001 and ISO/IEC 27017:2015

Start your journey to ISO 27017 certification

Contact our team for a free, no-obligation quotation from our dedicated ISO support team to start your ISO certification journey. We tailor our quotes to meet your requirements, and we support a range of standards, including ISO 27001, BS 10012 and Cyber Essentials.

Learn more about Certification Europe’s accreditations, discover our client testimonials and find out more about working with us.

The Certification Journey

Stage
One

The initial assessment determines if the mandatory requirements of the standard are being met and if the management system is capable of proceeding to Stage 2.

Recommendation for Certification

At this point in the process we review any corrective actions taken to address findings raised at Stage 1 & 2. Certification may be recommended.

Certification
Achieved

Successful certification is communicated to the client. Certificates are issued.

Stage
Two

The second assessment determines the effectiveness of the system, and seeks to confirm that the management system is implemented and operational.

Certification Review & Decision

The organisations files are reviewed by an independent and impartial panel and the certification decision is made.

The Certification Journey

Stage One

The initial assessment determines if the mandatory requirements of the standard are being met and if the management system is capable of proceeding to Stage 2.

1

Stage Two

The second assessment determines the effectiveness of the system, and seeks to confirm that the management system is implemented and operational.

2

Recommendation for Certification

At this point in the process we review any corrective actions taken to address findings raised at Stage 1 & 2. Certification may be recommended.

3

Certification Review & Decision

The organisations files are reviewed by an independent and impartial panel and the certification decision is made.

4

Certification Achieved

Successful certification is communicated to the client. Certificates are issued.

5

What is ISO 27017:2015?

ISO 27017:2015 is the latest standards framework in place for ISO 27017. It is connected to the wider ISO 27000 series of international ISO standards that focus on international security managements systems organisations need for strengthening their cloud data protection services.

Is ISO 27001 certification required for ISO 27017 certification?

To gain ISO 27017 certification, your organisation will have to prove it has appropriate ISO 27001 systems in place to begin the certification process.

What industries implement ISO 27017?

ISO 27017 is suitable for all types and sizes of organisations – from SMEs and smaller businesses to large corporations and government departments – that need to securely handle and process data using cloud-based systems or that provide cloud-based services to clients. The internationally recognised standard is used by many industry sectors such as retail, hospitality, manufacturing, construction and financial services.

What is ISO 27001?

ISO 27001 is the international standard used by organisations worldwide to manage information security. It was first created by the International Organization for Standardization.

Why work with Certification Europe?

We have been a worldwide accredited certification organisation since 1999, with offices in Ireland, the UK, Italy, and Japan. Our assessment teams have over 15 years of expertise in delivering certification to countries worldwide.

We’re accredited by the INAB and meet rigorous international certification standards, delivering ISO expertise to audit and certify ISO standards.

Accreditation is when a certification body is recognised to offer certification services. To become accredited, Certification Europe is required to implement a Quality Management System, which is assessed by an Independent Authorised Body (Irish National Accreditation Body) to determine that it meets International Standards.

We’re audited annually to ensure our services meet the exact requirements of the relevant accreditation standards.

ISO 27017 is accredited by INAB (Irish National Accreditation Body).

How long does ISO 27017 certification last?

ISO standard certification usually lasts for three years. During this time, auditors will conduct routine checks on a six-monthly basis to ensure the requirements for ISO 27017 certification are still being met.