Shamkris Global Group

ISO/IEC 27017:2015 Certification

What is ISO 27017 Certification?

ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards.

Within the ISO 27000 family of standards, ISO 27017 is a code of practice outlining additional information security controls, specifically for cloud service providers and their customers.

The ISO 27017 standard provides cloud-based guidance on 37 of the controls in ISO 27002 and also features seven new cloud controls that address shared roles and responsibilities, the monitoring of cloud services activity, alignment of the security management of the virtual and cloud network environment, and more.

Benefits of ISO 27017 Certification

Reduces operational risk

Win market trust

Define and clarify responsibilities

Increase information security risks

Who can get ISO 27017 Certification?

Any organisation which provides cloud-based services can benefit from ISO/IEC 27017 certification – from online email providers and document management platforms to cloud-based apps and tools.

IT & IT Enabled Companies

Research and Development

Banking & Financial Institutions

Design Services

Organizations with Sensitive Data

Government Agencies

Telecoms

Documents required for ISO 27017 Certification

The extent of Documented Information differs as per:

Role of Shamkris and Process of ISO 27017 Certification

Shamkris adopts a results-oriented approach to effective system implementation in the organization. A simple and practical method of system implementation helps organizations increase business efficiency and sustainability. Shamkris supports 100% documentation to obtain a certificate of success in addition to enhanced performance.

The implementation process is described below:

| Time Frame | Task | Process |
| --- | --- | --- |
| Day 1 | GAP Analysis; Certification Body Selection; Cost Estimates | |
| Week 1 | Developing Documents | |
| Week 4 | Implementing Management System | |
| Week 8 | Internal Audit; MRM; CAPA | |
| Week 10 | Certification Body Audit; N-C Closing | |
| Week 12 | Certification Body | |
| Year on Year | Yearly Compliance | |

FAQ

ISO 27017 certification demonstrates cloud service security to users, while ISO 27018 certification ensures that personal data is processed securely.
 
ISO/IEC 27017 applies to organisations that provide services within the cloud computing environment and have an ISMS (information security management system) in place. As part of the ISMS, organisations can choose which controls from ISO/IEC 27002 they wish to implement based on their own risk assessment.
 
To summarise, ISO 27017 is a security standard that builds on ISO 27001. It includes additional security controls specifically for cloud service providers.