Question about ISO 27001 and ISO 27017
Does a company have to have ISO 27001 as well as ISO 27017, or can it have just ISO 27017?
Please note that ISO 27017 is a supporting standard, providing guidance and recommendations for the implementation of cloud-related controls, and it does not have the requirements for a management system.
Considering that, if you are considering implementing an Information Security Management System, then you need ISO 27001 (it is enough to cover cloud security requirements, and you will only need ISO 27017 if you have specific legal requirements demanding the use of ISO 27017).
Now, if you are considering only adopting specific cloud-related controls, without using the support of a management system, then you can use only ISO 27017.
These articles will provide you with a further explanation about ISO 27001 and ISO 27017:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
Nov 16, 2020