ISO 27017

Guidelines for Information Security Controls

In an increasingly cloud-dependent world, protecting sensitive information in virtual environments has never been more important. ISO/IEC 27017:2015 is a globally recognised standard that offers practical guidance for strengthening cloud security. It helps both cloud service providers and customers clarify roles, reduce risks, and implement appropriate controls to safeguard data. Whether you’re delivering or consuming cloud services, adopting ISO 27017 demonstrates a strong commitment to cloud-specific information security best practices.

Want to find out more about ISO 27017?

We help companies get ISO 27017 certified. Let IS Certification Service help you today!

Benefits of ISO/IEC 27017:2015:

  • Enhances trust between cloud providers and customers
  • Clarifies shared responsibilities for cloud security
  • Improves data protection in multi-tenant environments
  • Provides guidance on removing customer data securely
  • Strengthens compliance with regulations and contractual obligations
  • Supports ISO/IEC 27001 implementation with cloud-specific controls
  • Helps identify and mitigate risks unique to cloud platforms
  • Encourages better monitoring, logging, and access control in the cloud

To implement ISO/IEC 27017:2015, you need:

  • An existing or developing ISMS (Information Security Management System), ideally aligned with ISO/IEC 27001
  • Clear understanding of cloud service roles (provider vs. customer)
  • A risk assessment focused on cloud-specific threats
  • Policies and procedures for virtual machine configuration and data removal
  • Defined responsibilities and security requirements for third-party cloud services
  • Technical controls for identity, access, and encryption in the cloud
  • Ongoing security monitoring, auditing, and incident management processes
  • Staff training and awareness on cloud-specific security concerns

The Certification Process for ISO 27017 will include

For more information about the ISO 27017 process, please contact us and one of our team will be happy to discuss the standard in more detail.

Have a question about ISO Certification?

Why not speak to a qualified auditor about your ISO Certification requirements, or visit our ISO Certification FAQs page?
