ISO 27017 Consultants

ISO 27017 is a code of practice which provides enhanced controls designed specifically for Cloud Services.

Our ISO 27017 Consultants are knowledgeable in the whole ISO 27000 family of Information Security Standards, and can help you extend your management system to ensure you have the tools to effectively manage risks using a full range of controls.

Contact Us

ISO 27001 & ISO 27017


The most effective implementation of the ISO 27017 Information Security Controls for Cloud Services is by applying them to an extended ISO 27001 Information Security Management System.

ISO 27001:2022 sets out minimum requirements and includes 93 Controls, however many organisations also use the additional guidance from ISO 27002 to extend the controls. ISO 27017 extends some of these controls even further to make them more applicable to cloud services

7 New Cloud Controls

Our ISO 27017 Consultants can help you understand and apply these controls as appropriate to your organisation, managing the risks of using cloud services.

In addition to the extended ISO 27001 controls, there are seven new areas to address:

  • Responsibilities Between Cloud Service Provider & the Cloud Customer.
  • Removal & Return of Assets on Termination.
  • Protection & Separation of the Customer’s environment.
  • Virtual Machine Configuration.
  • Administrative operations & procedures.
  • Activity Monitoring.
  • Alignment of Virtual & Cloud Environments.

Cloud Services

Many individuals and organisations use cloud services on a daily basis, and the popularity continues to grow due to the many benefits they bring.

However, this business model is still relatively new and continues to evolve through SaaS, PaaS and IaaS.

ISO 27017 provides explicit guidance on the responsibilities of both the cloud service provider and the cloud customer, bring much needed clarity throughout the cloud models.

ISO 27017 Certification

While ISO 27017 Certification is not common, and there is currently no UKAS accredited scheme, some respected certification bodies will include the ISO 27017 Cloud Services Controls within the scope of an ISO 27001 Management System.

Our ISO 27017 Consultants can guide you through the process of defining an appropriate management system scope and attain an independent and impartial audit of these extended controls.

Benefits of ISO 27017

Clear differentiator from competitors,
Protect & Improve your reputation,
Demonstrate commitment to Information Security,
Better management of cloud service risks,
Comprehensive risk management programme,
Established framework ready from growth.

Contact Us

Other Standards

ISO 27001

ISO 27001

The Information Security Management System (ISMS), in conjunction with ISO 27002 which provides more guidance on each Annex A Control.

Find Out More
ISO 27018 Consultants

ISO 27018

ISO 27018 provides specific guidance and controls for Personal Identifiable Information (PII) in Public Clouds.

Find Out More