ISO/IEC 27017:2015 Certification
What is ISO 27017 Certification?
ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards.
Within the ISO 27000 family of standards, ISO 27017 is a code of practice outlining additional information security controls, specifically for cloud service providers and their customers.
The ISO 27017 standard provides cloud-based guidance on 37 of the controls in ISO 27002 and also adds seven new cloud controls that address shared roles and responsibilities, the monitoring of cloud services activity, alignment of the security management of the virtual and cloud network environment, and more.
Benefits of ISO 27017 Certification
Reduces operational risk
Increase information security risks
Win market trust
Define and clarify responsibilities
Who can obtain ISO 27017 Certification?
Any organisation which provides cloud-based services can benefit from ISO/IEC 27017 certification – from online email providers and document management platforms to cloud-based apps and tools.
IT & IT Enabled Companies
Research and Development
Banking & Financial Institute
Design Services
Organization with Sensitive Data
Government Agencies
Telecoms
Documents required for ISO 27017 Certification
- Technical File, Product Master File (TCF)
- Product Testing
- System Manual
- System Procedure
- Policy
- Objectives
- Mission & Vision
- Plant Master File
- Standard Operating Procedure (SOP)
- Checklist
- Forms
- Formats
- Records
The extent of Documented Information differs as per:
- Product and its uses
- Testing requirement of products
- Directive under which the product is classified
- Self Certification or Compliance Certification
- Notified body certificate
Role of Shamkris and Process of ISO 27017 Certification
Shamkris adopts a results-oriented approach to product certification compliance: a simple and practical method that helps the organization achieve timely compliance and fulfil the product certification requirements. Shamkris provides 100% support on the documentation required to comply with product certification, either by self-certification or by notified body certification, depending on the applicable directives.
The implementation process is described below:
| Time Frame | Task | Process |
|---|---|---|
| Day 1 | Scope defined; Self Certification/NoBo Selection; Cost Estimates | Finding directive and EN standard applicable to the product; Selecting the appropriate certification scheme; Based on the scope of the product and certification scheme |
| Week 1 | Developing Documents | Technical file, Plant Master file and Test Protocol; Management System Manual, Management System Procedures, Policy, Objectives, Forms etc.; Review of Standard Operating Procedures (SOP) |
| Week 4 | Implementing Product Management System | ISO 27017 Awareness training to QC manager and Production Manager; Implementing a well-documented manual throughout the life cycle of the product |
| Week 8 | Internal Audit; MRM; CAPA | Internal audits identifying nonconformities related to ISO 27017 requirements; Management Review Meetings; Corrective and Preventive Action plan for nonconformities |
| Week 10 | Self Certification/NoBo Audit; N-C Closing | Shamkris acts on your behalf and assists you in the third-party audit; Closing of any nonconformities identified by the Self Certification/NoBo |
| Week 12 | Self Certification/NoBo | ISO 27017 certificates issued for 3 years; Surveillance Audits yearly |
| Year on Year | Yearly Compliance | Support of Yearly documentation for audit |