ISO 27017

In an increasingly cloud-dependent world, protecting sensitive information in virtual environments has never been more important. ISO/IEC 27017:2015 is a globally recognised standard that offers practical guidance for strengthening cloud security. It helps both cloud service providers and customers clarify roles, reduce risks, and implement appropriate controls to safeguard data. Whether you’re delivering or consuming cloud services, adopting ISO 27017 demonstrates a strong commitment to cloud-specific information security best practices.

• Enhances trust between cloud providers and customers
• Clarifies shared responsibilities for cloud security
• Improves data protection in multi-tenant environments
• Provides guidance on removing customer data securely
• Strengthens compliance with regulations and contractual obligations
• Supports ISO/IEC 27001 implementation with cloud-specific controls
• Helps identify and mitigate risks unique to cloud platforms
• Encourages better monitoring, logging, and access control in the cloud

• An existing or developing ISMS (Information Security Management System), ideally aligned with ISO/IEC 27001
• Clear understanding of cloud service roles (provider vs. customer)
• A risk assessment focused on cloud-specific threats
• Policies and procedures for virtual machine configuration and data removal
• Defined responsibilities and security requirements for third-party cloud services
• Technical controls for identity, access, and encryption in the cloud
• Ongoing security monitoring, auditing, and incident management processes
• Staff training and awareness on cloud-specific security concerns

For more information about the process of ISO 27017 please contact us and one of our team will be happy to discuss the standard in more detail.