ISO 27017

Information Security for Cloud Services

ISO 27017 is part of the ISO 27001 series of standards and is designed around cloud services security. ERS provides consultancy and implementation services for ISO 27017. We can help your IT, security and support teams understand the various cloud security requirements, underlying risks and good practices in the provision, use or acquisition of cloud-based services.

Some of the controls emphasised by the standard include:

  • The roles and responsibilities between the cloud service provider and the customer
  • Responsibilities at the end of the contract (such as the return, archiving or deletion of data)
  • Segregation, boundaries and security around different clients’ cloud environments
  • Secure use and configuration of virtual machines and components
  • Operational processes and procedures used by privileged users
  • Alignment of the cloud network environment
  • Monitoring of cloud services

Key features of this service

  • Alignment with the requirements of Cloud Security Principles
  • Services delivered by ISO-qualified Lead Auditors
  • Provide risk and gap analysis against the ISO 27001, ISO 27017 and ISO 27018 standards
  • Analysis of internal and supplier-delivered cloud services
  • Can offer identification of ISO 27001 control objectives
  • Offers performance evaluation and recommendations for Cloud Performance Indicators
  • Help assess compliance with security controls and test effectiveness
  • Can offer quality controls with record keeping
  • Help monitor and support the implementation of raised recommendations
  • Can help provide a solution that is tailored to your organisational needs


  • Assurance to stakeholders that robust cloud security controls are embedded
  • Provides guidelines to align teams who are geographically segregated
  • Compliance with regional and international regulations associated with cloud security
  • Reduce likelihood of security events to protect your reputation
  • Identify and address risks which impact cloud-based systems and data
  • Easily integrate into other ISO standards and extend your existing ISO 27001 framework
  • Reduce risk of data breach and fines imposed
  • Build upon existing security controls and best practices

Irrespective of whether you are a cloud service provider or a customer, the standard and its requirements can be used to enhance your security controls and measures.


For more information please contact us.
