ISO 27017:2015


Security Controls for Cloud Services



What is ISO 27017:2015?


ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing. It recommends implementing cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards.

ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:

- additional implementation guidance for relevant controls specified in ISO/IEC 27002;

- additional controls with implementation guidance that specifically relate to cloud services.

This code of practice provides additional information security controls implementation guidance specific to cloud service providers.




ISO 27017:2015 Security Controls for Cloud Security

Key Benefits

“Cloud is all about how you do computing, and not where you do computing!”




Would you like to do everything in a few clicks?

Harmonize is a cloud-based software solution to manage your ISO implementation and maintenance.


OUR NICHE
  • Our team comprises certified Lead Auditors, Integrators and Software Architects
  • A combined four decades of continuous product innovation, evolution, testing and elevated customer experience
  • Our secure online backup solutions ensure your data is encrypted and compressed even before it leaves your device
  • We provide regular monitoring, remote maintenance, backup and online support




The Implementation Process

Initial meetings and discussions help us understand your business model and reasons for certification, and get to know your stakeholders.

A Gap Assessment will be performed to gauge the level of compliance. Any gaps identified will have an agreed plan of action.

Investigate opportunities to integrate the requirements of the standard with existing controls to save time and money.

A detailed project plan will cover all aspects of implementation with clear time frames for deliverables and associated costs.

Design and develop documentation, and implement and integrate processes within the business.

Plan tasks with business stakeholders towards implementation of the system.

Conduct awareness training for key stakeholders within the business, with a test of understanding.

Plan and conduct internal audits, assist in closing areas of concern or non-conformities with suitable corrective actions.

Plan and execute the Management Review and plan certification activities.

Certification Body completes the Stage 1 Audit.

Agree a plan of action with internal stakeholders to close areas of concern or non-conformities, if any.

Review the actions taken by stakeholders to address the areas of concern or non-conformities.

The Certification Body completes the Stage 2 Audit and awards certification.

Genx provides ongoing support to maintain certification through Harmonize.

Plan and conduct internal audits and supplier audits.

Ongoing awareness and refresher training for existing and new staff.