Secure Cloud ISO/IEC 27017:2015




Cloud computing has changed the way organizations deliver and consume digital services, enabling ubiquitous access to users across Internet links.


Due to this public nature, enterprises should assess and mitigate information security risks, from proper technical design through ongoing operation, governance, and audit. While implementing ISO/IEC 27001 with ISO/IEC 27002 controls brings some risk assurance and information security governance, expanded control sets through ISO/IEC 27017 are needed to provide cloud-specific implementation guidance based on security threats and risk considerations in this realm.


How ISO/IEC 27017 Applies


ISO/IEC 27017 addresses many critical areas, including these:

  • What are the cloud controls for the removal and return of assets when a customer contract is terminated?

  • What are the cloud controls for virtual machine configuration and monitoring?

  • What’s necessary to protect and separate the customer’s virtual environment in a cloud environment?

  • Who is assigned the various responsibilities between the cloud service provider and the cloud customer?

  • What administrative operations and procedures are associated with the cloud service?

How A Service Provider Benefits


The cloud service provider benefits from ISO/IEC 27017 in numerous ways, including these:

  • Adherence provides a competitive industry advantage, demonstrating robust controls for data protection

  • Safeguards against reputation damage and regulatory fines from a data breach, because it reduces the risk associated with intentional and unintentional threats

  • Promotes trust and confidence in the service provider’s business, resulting in reassurance to customers and stakeholders alike that information is safeguarded

  • Provides guidelines across geographies that bring consistency to data protection, promoting business growth.

What We Can Do For You

The professionals at ALLENDEVAUX have deep knowledge and industry experience with cloud security, including network and infrastructure best practices, and will help design an ISO/IEC 27017 cloud security programme to address appropriate areas including these controls:

  • supplier relationships instrumental to cloud service delivery and support

  • information security risk management processes

  • cloud computing specific risks beyond the norm, including network scalability and elasticity of ecosystems, self-service provisioning, administration on-demand, and cross-jurisdictional service provisioning

  • augmented information security policy to plan for multitenancy and cloud service customer isolation, access controls by staff, access procedures, communication plan for cloud service customers during change management, lifecycle management, breach notification plan

  • augmented mobile device policy and teleworking policy for guidance implementation and governance

  • specific cloud service awareness and training requirements for employees and contractors

  • proper media handling protocols for removable media, its disposal, and transfer

  • user registration and deregistration for access management.