Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

ISO 27017

  Quote
Guest
Guest user Created:   Mar 02, 2021 Last commented:   Mar 02, 2021

ISO 27017

I am working with a client who wants to be ISO 27017 compliant.

They've asked if there's anyway they can be certified, considering they're already ISO 27001 certified. I've been researching the topic for a while and i've only seen this type of compliance statement being given to Cloud service providers.
I wanted to ask if you have seen this attestation being requested and given to any company that is only a cloud consumer.

Thank you in advance for your attention!

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 02, 2021

1 - They've asked if there's any way they can be certified, considering they're already ISO 27001 certified. I've been researching the topic for a while and i've only seen this type of compliance statement being given to Cloud service providers.

Answer: First it is important to note that ISO 27017 is not a certifiable standard (some certification bodies "certify" against ISO 27017, but only during an ISO 27001 or ISO 27701 certification processes, because ISO 27001 and ISO 27701 are the only certifiable standards in the ISO 27000 series).

Considering that, to be "certified" against ISO 27017 all an organization needs to do is to include the applicable controls related to ISO 27017 in its Statement of Applicability (of course, as a result of performing the risk assessment and risk treatment process) and implement the risk treatment plan also considering the ISO 27017 controls.

These articles can provide further information:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- Relationship between ISO 27701, ISO 27001, and ISO 27002 https://advisera.com/27001academy/blog/2019/12/10/relationship-between-iso-27701-iso-27001-and-iso-27002/
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/


2 - I wanted to ask if you have seen this attestation being requested and given to any company that is only a cloud consumer.

Thank you in advance for your attention!

Answer: Please note that ISO 27017 also has controls applicable considering the point of view of the customer, so cloud consumers also can request to be “certified” as explained in the previous question.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 02, 2021

Mar 02, 2021

Suggested Topics