Choose another country to see content specific to your location

//Select Country

ISO 27017 Certification

Safeguard your cloud services through robust information security controls

ISO/IEC 27017 Certification for cloud security

More businesses are offering cloud-based services to customers, and so purchasing departments increasingly demand evidence that data stored on those cloud servers is safe. ISO/IEC 27017 is a set of guidelines for safeguarding cloud-based environments and minimizing the potential risk of security incidents.

The standard addresses topics such as:

  • Asset ownership
  • Recovery plans if the cloud service provider (CSP) is dissolved
  • Disposal of assets containing sensitive information
  • Segregation and storage of data
  • Alignment of security management for virtual and physical networks

Any organization which provides cloud-based services can benefit from ISO/IEC 27017 certification – from online email providers and document management platforms to cloud-based apps and tools. It demonstrates to customers that you are following the most stringent cloud services security standards and have processes in place to manage any unforeseen problems.

benefits of ISO/IEC 27017 certification

If your organization provides cloud services your customers will want assurances that their data, documents, messages and activity are protected under any circumstances. They will also want evidence that they will be able to retrieve and move their data whenever they wish. ISO/IEC 27017 cloud standard gives them that confidence.

An ISO/IEC 27017 certification provides multiple benefits:

  • Reduce operational risk

    By adhering to the ISO/IEC 27017 guidelines you can efficiently analyze vulnerabilities and mitigate against data breaches, as well as regulatory fines and penalties.
  • Win market trust

    An independent third-party assessment demonstrates your commitment to global information security practices. Winning stakeholder confidence delivers you a competitive advantage as potential investors and customers identify you as a responsible partner.
  • Define and clarify responsibilities

    ISO/IEC 27017 clearly outlines the exact relationship, roles, rights and responsibilities between cloud service customers and cloud service providers, enabling you to become a preferred CSP and expand your business globally.

Your trusted ISO/IEC 27017 auditor

TÜV SÜD is a world leader in cloud computing service auditing and assessments and works with companies around the globe to provide independent audits and certification. Based on years of technical experience, our auditors are able to rapidly understand your cloud system’s architecture and assess whether or not it conforms to the standard. If it is non-conformant, you can use our reports to see which areas you need to improve on and receive certification.

As TÜV SÜD is vendor agnostic, our assessments are both impartial and independent, and we follow the highest standards of auditing practice to ensure neutrality and reliability every time. Our rigorous approach ensures greater trust for your customers.

The ISO/IEC 27017 Certification process

Every CSP is different, so we work with you to implement a tailor-made yet rapid assessment of how your organization conforms to the recommendations in ISO/IEC 27017. Using our assessment tool, our experts identify non-conformances and present these in an assessment report. Based on the findings, your organization can then implement improvements which rapidly reduce your risk and let you become certified.

Steps to ISO 27017 Certification

  • Receive a customized quote from TÜV SÜD – including detailed costs and timescales
  • TÜV SÜD conducts an in-depth assessment
  • Our assessment report is released to you
  • Prepare your prioritized action plan, based on our assessment report
  • TÜV SÜD issues your ISO/IEC 27017 certificate

EXPLORE

ISO/IEC 27001 Information Security Management
White paper

How to Achieve ISO/IEC 27001:2013 Certification

Implement an Information Security Management System according to ISO / IEC 27001

Learn More

ISO 27001 – Keeping Information Security Management Systems Safe
Report

ISO 27001 – Keeping Information Security Management Systems Safe

Protect your organization's information in a systematic yet cost-effective manner

Learn More

ISO 27701 Report
Report

ISO 27701 – Extension of ISO 27001 With Emphasis on Privacy

Learn how ISO 27701 can help you successfully manage your organization's data privacy

Learn More

VIEW ALL RESOURCES

Next Steps

Select Your Location

Global

Americas

Asia

Europe

Middle East and Africa