ISO 27017:2015

Cloud Security Controls

Standard brief

This standard provides guidelines for both cloud service providers and customers to ensure a safe and secure cloud-based environment. It fosters a shared responsibility model between cloud providers and customers. It extends ISO/IEC 27002 with robust cloud-specific security controls. The main purpose of these guidelines is to implement information security controls in cloud computing environments. Further, it helps cloud providers and customers manage the security risks associated with cloud-based services, and it enhances the ISMS of cloud service providers by implementing specific cloud-based security controls.

Benefits

  • Strengthens information security in cloud-based environments by managing the associated risks.
  • Provides practical compliance guidance for both cloud service providers and customers.
  • Supports and strengthens risk assessments and mitigation related to cloud-based data breaches.
  • Aligns with international cybersecurity best practices and policies.
  • Supports regulatory adherence with cloud-based global security standards.

Concepts

Technical Controls: Data encryption, virtual machine hardening, network alignment, and cloud-based monitoring.

Organizational Controls: Robust risk management, incident response plans, and shared roles and responsibilities to ensure a secure cloud environment.

Legal Controls: Contractual obligations, regulatory compliance, and data return and removal.

Physical Controls: Secured data centers and environmental controls to protect cloud infrastructure from physical threats.

Human Resource Controls: Periodic training and awareness, secured access management, and thorough background checks.

European Assessment and Certification Ltd.
19, Layton Crescent, Slough, SL38DP, UK.
Company Number 12819256

+44 7471 048859
info@e-ac.uk