International business standards company BSI is now offering certification and training for ISO/IEC 27017, Information technology — Security techniques — Code of practice for information security based on ISO/IEC 27002 for cloud services.
What is ISO/IEC 27017?
ISO/IEC 27017 provides guidelines for information security controls applicable to the use of cloud services. The standard provides additional implementation guidance for relevant controls specified in ISO/IEC 27002, Information technology — Security techniques — Code of practice for information security controls. ISO/IEC 27017 also provides additional controls and implementation guidance that are specifically related to cloud services for both cloud service providers and cloud service customers.
Benefits of ISO/IEC 27017 Certification
By taking advantage of ISO/IEC 27017 certification, cloud service providers are able to provide customers assurance that their organization’s cloud security controls meet customer requirements. Beyond the security controls of ISO/IEC 27002, certification to ISO/IEC 27017 will also:
- Provide guidance on the protection of records associated with the use of cloud services.
- Provide clarity on change management and how it’s reported.
- Enable customer and provider to agree on divided responsibilities for information security.
- Address the process for asset return or removal upon termination of contract.
- Address the issue of separating a customer’s virtual environment from other customers or external parties.
- Allow the configuration of virtual machines to meet the needs of the organization.
- Ensure the virtual network environment is configured consistently with the information security policy of the physical network.
“ISO/IEC 27017 looks at the roles and IT responsibilities of both the cloud service customer and the cloud service provider when it comes to delivering security controls,” said Elaine Munro, head of Portfolio Management at BSI. “Following this guidance can help meet the needs of both parties, but they can receive further support from the ISO/IEC 27017 certification scheme or training modules, the latter of which look at how to audit ISO/IEC 27017. Some of the benefits users can expect include greater reassurance to customers and stakeholders that cloud service customer data is well protected; increased competitive advantage by demonstrating robust data protection controls are in place; and help in reducing the possibility of a data breach, which could result in regulatory fines and damage to brand reputation.”
Learn more about BSI’s ISO/IEC 27017 certification and training support at www.BSIgroup.com.