Digital cloud

ISO 27017 Information security for cloud services

Are you a provider or customer of cloud services? With certification against the international standard ISO 27017:21 you can demonstrate your stakeholders that you are aware of the security risks of storing and processing information in the cloud and that you have taken measures to minimise these risks. Kiwa specialises in certifying various information security standards and helps you build trust in your cloud services.

Receive a quote tailored to your needs

+31 (0)88 998 49 00 Contact us Get a quote

We live in a world of big data and online information. Consumers and businesses want to be able to trust that the data shared with organisations via the cloud is safe. To ensure that privacy-sensitive information does not get misused or fall into the wrong hands, information security risk management is essential for any organisation that stores and processes data in a cloud environment or provides services that enable this.

Supplement to ISO 27001

The NEN-EN-ISO/IEC 27017 provides guidelines for information security controls that apply to the provision and use of cloud services. In addition to ISO 27001 for information security, ISO 27017 includes:

  • Additional implementation guidelines for relevant controls specified in ISO/IEC 27002;
  • Additional controls with implementation guidelines specifically related to cloud services.

For suppliers and users

The ISO 27017:2021 standard has been developed for both providers and users of cloud services who have already set up their information management in accordance with the ISO 27001 standard. In addition to ISO 27001, ISO 27017 provides specific risks and measures for providers and customers of cloud services. For example, the standard helps providers of cloud services to create trust in their services and supports customers of cloud services to achieve optimal security of cloud data together with their suppliers. The standard also describes what customer and supplier can expect from each other.

Why ISO 271017 certification?

  • More security for you and your customers/stakeholders;
  • More clarity regarding safety and responsibility;
  • Competitive advantage;
  • Grip on data;
  • Testing of ISO 27001 as the basis for ISO 27017.

Certification by Kiwa

Information is becoming increasingly valuable for many companies and organisations. Customer and production data is not only crucial for day-to-day operations, but can also have financial implications if not handled responsibly. Your information must therefore be secured. Kiwa has experts in the field of information security. They have extensive experience with certification processes in the field of ICT and information security in the most diverse sectors.

Discover more:

Prepare with a pre-audit/GAP analysis

Are you planning to certify your organization according to a specific standard but unsure where to start? Or have you already implemented a management system in line with, for example, ISO 9001, ISO 27001, or ISO 14001, but you're uncertain if it fully meets the certification requirements? Discover more about our pre-audit/GAP analysis.

Related services

Prepare with a pre-audit/GAP analysis

Are you planning to certify your organization according to a specific standard but unsure where to start? Or have you already implemented a management system in line with, for example, ISO 9001, ISO 27001, or ISO 14001, but you're uncertain if it fully meets the certification requirements? Discover more about our pre-audit/GAP analysis.

Read more