<\/li>\n\n\n\n
<\/li>\n\n\n\n
<\/li>\n\n\n\n
<\/p>\n\n\n\n
To mitigate the abovementioned concerns, organisations need to adopt a strategic practice for information security, such as using ISO\/IEC 27017. It examines both the roles and responsibilities of cloud service providers and cloud service customers on the cloud computing platform.<\/p>\n\n\n\n <\/p>\n\n\n\n ISO\/IEC 27017:2015 provides information security guidelines for organisations that use cloud services. The international standard recommends and assists cloud service providers with the information security controls applicable to their cloud service. This code of practice also supplements the guidance of ISO\/IEC 27002 and ISO\/IEC 27001 standards by including implementation guidance and additional controls specific to cloud service.<\/p>\n\n\n\n According to IBM 2021 report, to completely resolve a data breach costs an average of $4.24 million US dollars. ISO\/IEC 27017 provides a framework that advises aligning security management for cloud service and virtual and physical networks.<\/p>\n\n\n\n When your organisation is committed to this international standard, there will be a significant reduction in the likelihood of data breaches, increasing your customers’ confidence.<\/p>\n\n\n\n Your customers must trust that their data is safe in the cloud service. Therefore as a cloud service provider, it is crucial to signal to your cloud service customer that your organisation takes security threats such as data breaches seriously and is making every effort to minimise them. Certifying ISO 27017 assures customers that their information in the cloud is secured.<\/p>\n\n\n\n Since ISO 27017 is not a management system standard, unlike ISO 27001<\/a>, you can’t attain certification for this standard. However, you can certify against ISO 27017 during an ISO 27001 certification<\/a> process. To do so, you have to include the specific controls in ISO 27017 into the scope of the ISO 27001 certification audit. Expanding your ISO 27001 scope to cover the ISO 27017 controls allows you to attain an independently verified certification to demonstrate the conformance to that standard.<\/p>\n\n\n\n ISO\/IEC 27017:2015 – Information Technology – Security techniques – Code of practice for information security controls based on ISO\/IEC 27002 for cloud services is the latest version of this international standard published in 2015. This standard is part of the ISO\/IEC 27000<\/a> family of standards concerning information security management. The standard extends from ISO\/IEC 27002 for cloud environments to include additional controls not originally included in ISO\/IEC 27002.<\/p>\n\n\n\n The latest version of ISO 27001: 2013 contains 14 domains, and a risk assessment<\/a> should determine which controls are needed while others can be excluded from the information security management system. The respective 14 domains are listed below:<\/p>\n\n\n\n <\/p>\n\n\n\n ISO\/ IEC 27017: 2015 provides guidance on 37 controls based on ISO\/IEC 27002 and also includes seven exclusive controls, which are:<\/p>\n\n\n\n <\/p>\n\n\n\n ISO 27017 provides a framework which includes additional guidance and recommendations for implementing cloud-specific information security controls based on ISO 27002. ISO 27018 guides ensure privacy in cloud computing services, assisting cloud service providers in properly handling personally identifiable information.<\/p>\n\n\n\n <\/p>\n\n\n\n ISO 27017: 2015 sets out guidelines for a cloud service provider to implement to provide a safeguarded cloud-based service and reduce the potential security threats. Your organisation needs to implement ISO 27017 if your organisation is a cloud storage provider or uses cloud storage directly for your business operations.<\/p>\n\n\n\n Customers are more likely to work with your organisation if they are confident that their data are handled safely. Your organisation will benefit from a better company image and reduced risk of security damage; therefore, it is strongly encouraged to comply with ISO 27017.<\/p>\n\n\n\n To comply with ISO 27017, your organisation must first undergo ISO 27001 certification. Expanding ISO 27017 controls into ISO 27001 scope will allow you to achieve the statement certifying that your organisation complies with ISO 27017 under your ISO 27001 certificate.<\/p>\n\n\n\n If your organisation needs help with compliance with ISO 27017, let us assist you in complying with the regulatory requirements more efficiently.<\/p>\n\n\n\n Sources<\/p>\n\n\n\n![\"\"\/](\"https:\/\/images.surferseo.art\/f53efd70-b00a-4a0b-a4fd-15013666011d.jpeg\")
<\/figure>\n\n\n\nWhat is ISO 27017? <\/h2>\n\n\n\n
Why is ISO 27017 important? <\/h2>\n\n\n\n
Is ISO 27017 a certification?<\/h2>\n\n\n\n
![\"\"\/](\"https:\/\/images.surferseo.art\/721213e6-a07d-413e-ac84-cedb97b1fc8e.jpeg\")
<\/figure>\n\n\n\nWhat is the latest version of ISO 27017?<\/h2>\n\n\n\n
What are the domains of ISO 27001?<\/h2>\n\n\n\n
\n
How many controls are there in ISO 27017?<\/h3>\n\n\n\n
\n
![](\"https:\/\/images.surferseo.art\/e382341a-2fe8-4c9d-9fdc-6e5f08f3973b.jpeg\")
<\/li>\n<\/ul>\n\n\n\nWhat is the difference between ISO 27017 and ISO 27018?<\/h3>\n\n\n\n
![\"\"\/](\"https:\/\/images.surferseo.art\/54094967-3f68-483f-91de-ac01c6af0c22.jpeg\")
<\/figure>\n\n\n\nConclusion<\/h2>\n\n\n\n