How to get ISO 27017 certificate?
ISO 27017 is a code of practice especially for cloud services. It ensures that a certified company’/organization’s information security is under explicit management control. The ISO 27017 standard is based on ISO 27002
OBJECTIVES AND BENEFITS OF IMPLEMENTATION
By implementing ISO 27017, companies/organizations can identify risks especially for cloud infrastructure and cloud services. Organization puts controls in place to manage or reduce them. It helps in gaining customer trust in relation to the protection of their data and infrastructure.
It is generally a add on certificate to ISO 27001 certification already attained by the organization
CERTIFICATION PROCESS FOR ISO 27017
ISO 27017 Certification is provided by Eurocert. It is given to a fully compliant managment system for ISMS for cloud services. the certified cloud service provider should demonstrate a PDCA cycle of improvement. It should have a underlying management system compliant with ISO 27001.
During the stage1 audit, Eurocert will checks the completeness of system documentation specific for implementation of selected controls from ISO 27017.
Deviations are recordedby auditors. The company defines rootcause analysis and sets a period of time within which the necessary corrective actions will be planned.
If the certification audit does not record any non-compliances to the ISO 27017 standard then the Certification Body issues the ISO 27017 Certification.
In the case of recorded non-compliances the Company must take further corrective actions.
During ISO 27017 certification audit, following are checked:
- License of the Company and the accompanying documents
- Other permits required
- Organizational Structure / Chart
- Instructions for External Documents (eg Legislation)
- A statement of applicability
VALIDITY OF CERTIFICATE
If Stage 2 audit of the organization’s ISMS is successful, the certificate is issued shortly. The ISO 27017 certificate is valid for three years during which time two annual surveillance audits must take place.
What specific IS Controls does ISO 27017 recommends?