ISO/IEC 27017 was first published in September 2015 and provides additional guidance for implementing ISO/IEC 27002 information security controls within a cloud computing environment. The standard can be used by cloud service providers to safeguard their cloud-based environment and minimise potential risk of security incidents.

What is ISO/IEC 27017:2015 – Code of Practice for Information Security Controls based on ISO/IEC 27002 for Cloud Services? 

Talk to our experts

SCS Contact

Main contact

Main contact

certints@singnet.com.sg

ISO/IEC 27017:2015 is part of the ISO/IEC 27000 family of standards which provide best-practice guidelines for information security management. ISO/IEC 27017 is derived from ISO/IEC 27002 and provides guidance on additional security controls that is applicable to cloud computing environment. The standard provides implementation guidance on 37 controls found in ISO/IEC 27001 as well as 7 additional requirements:  

  • Shared roles and responsibilities within a cloud computing environment, 

  • Removal of cloud service customer assets, 

  • Segregation in virtual computing environments, 

  • Virtual machine hardening,  

  • Administrator’s operational security, 

  • Monitoring of cloud services, 

  • Alignment of security management for virtual and physical networks. 

ISO/IEC 27017 is applicable to organizations providing cloud-based services from document management platforms to cloud-based applications.  

iso-iec-27017-information-security-controls-cloud-services

Our Expertise

Benefits of ISO/IEC 27017:2015

  1. Protect information assets within the cloud computing environment

 

  1. Comply with legal and regulatory requirements, 

 

  1. Reduce the risk of information security incidents, 

 

  1. Save costs by reducing the need for duplicate controls. 

  1. Protect information assets within the cloud computing environment

 

  1. Comply with legal and regulatory requirements, 

 

  1. Reduce the risk of information security incidents, 

 

  1. Save costs by reducing the need for duplicate controls. 

Why get certified with SOCOTEC Certification Singapore? 

SOCOTEC Certification Singapore has conducted audits since 1994 for various information security and information technology related schemes and our audit team are qualified with in-depth knowledge of the industry and the technological advancement as well as Singapore’s move to becoming a Smart Nation. Therefore, certification with us will not only enhance your branding, but also provide value-add to your organization in complying with regulatory requirements.

Key steps to certification

certification-process

Would you like to know more about our Certification offers? Contact us

Contact us
certints@singnet.com.sg

Talk to our experts

SCS Contact

Main contact

Main contact

certints@singnet.com.sg