ISO 27017 Consulting Services for CSP’s

Simplified Conformance with Cloud Security Best Practices

Know Your Public Cloud Service is Secure—and Prove It

It’s possible no industry is more familiar with the pressure to “prove security” than the cloud services industry. To attract and retain customers and avoid regulatory sanctions, today’s Cloud Service Providers (CSPs) need to prove they are secure to everyone: prospects, business partners, shareholders, regulators… the list goes on.

ISO 27017, the Code of Practice for Information Security Controls Based on ISO/IEC 27001 for Cloud Services, builds on the ISO 27002 standard to provide targeted guidance for both cloud services providers and consumers. CSP’s who extend the scope of their ISO 27001 compliant Information Security Management System (ISMS) to include ISO 27017 have confidence they are managing their cloud environments security.

With Pivot Point Security as your trusted partner, demonstrating ISO 27017 conformance year over year as an adjunct to your ISO 27001 certification is assured. Our CSP clients enjoy enhanced cloud security postures, streamlined security processes and the ability to provably demonstrate to any stakeholder that their cloud environment is secure and in compliance with applicable regulations.


Speak with an Expert on how to implement ISO 27001 + ISO 27017 for CSP’s

Benefits for CSP’s of Extending ISO 27001 with ISO 27017 Controls

  1. Improved customer and stakeholder confidence in your service
  2. Simplified ability to do business globally or in multiple regions/countries
  3. Streamlined contract negotiation
  4. Improved ability to comply with evolving laws and regulations governing the handling of information in your cloud
  5. Reduce the cost of cyber liability insurance (CLI)

How does ISO 27017 up your Cloud Security Game?

Besides offering guidance for public cloud services providers and consumers on many of the ISO 27001/27002 controls, ISO 27017 also describes seven additional controls:

  1. Shared roles and responsibilities in cloud computing environments
  2. Removal of cloud service customer assets
  3. Segregation in virtual computing environments
  4. Virtual machine hardening
  5. Administrator operational security
  6. Monitoring of cloud services
  7. Security management for physical and virtual networks

Our ISO 27017 consulting services help our CSP clients strategize, build, and certify a robust and effective ISMS with associated controls specific to public cloud security. Our experts offer a wealth of cloud security experience to guarantee that your controls conform to the ISO 27017 standard.


Speak with an ISO 27017 expert

ISO 27017 Frequently Asked Questions (FAQ)

What is ISO 27017?

Part of the ISO 27000 family of globally recognized standards that help organizations keep data secure, ISO 27017 provides guidance on the information security issues specific to public cloud computing. ISO 27017 augments the guidance provided by ISO 27002 to better address cloud-specific use cases.

Do we get an ISO 27017 certification?

Because ISO 27017 is not a management standard, companies cannot be certified only against the ISO 27017 controls. However, your business can add the ISO 27017-specific controls to the scope of its ISO 27001 certification audit. Expanding your ISO 27001 scope to encompass the ISO 27017 controls allows you to include 27017 on your ISO 27001 Certificate, which provides a strong independent/objective validation that the controls have been properly implemented.

Why should my company consider implementing ISO 27017 controls?

Any cloud service provider that handles sensitive data on behalf of customers is likely to benefit from aligning with ISO 27017. By providing security guidance specific to public cloud environments, ISO 27017 addresses the major security issues that cloud providers face, such as roles-based security, monitoring, and client/provider security responsibilities. Organizations that align with ISO 27017 will benefit from a more robust security posture, and also reduce the level of information security risk that cloud providers inherently face.

Benefits of Our ISO 27001 + ISO 27017 As-A-Service Model

  • Achieve conformance at your own pace– With our dedicated ISO 27017 expertise on tap, you’ll have the information, documentation and staff augmentation you need, when you need it.
  • Chart a roadmap and stay on target– Routine status/coordination meetings between our ISO 27017 specialists and your in-house team will keep your project moving ahead.
  • Time- and cost-effective conformance – Our subject matter expertise, proven processes and standard-driven artifacts will simplify and accelerate your conformance process, saving you time and money.
  • Make sure your company conforms to ISO 27017 requirements– Pivot Point Security ensures your success by validating that all your processes and controls fully conform to the ISO 27017 guidance.
  • Make sure you pass your ISO 27001 certification audit– We provide onsite support to ensure a smooth and successful certification audit, including your cloud security controls.
  • Ensure you maintain your ISO 27017 conformance year upon year– Pivot Point Security provides whatever ongoing support you need to operate your cloud security controls, continually improve your public cloud security posture, implement your Internal Audit Program, and maintain ISO 27017 conformance within the scope of your ISO 27001 certification.