We live in a world of big data and online information. Consumers and businesses want to be able to trust that the data shared with organisations via the cloud is safe. To ensure that privacy-sensitive information does not get misused or fall into the wrong hands, information security risk management is essential for any organisation that stores and processes data in a cloud environment or provides services that enable this.
Supplement to ISO 27001
The NEN-EN-ISO/IEC 27017 provides guidelines for information security controls that apply to the provision and use of cloud services. In addition to ISO 27001 for information security, ISO 27017 includes:
- Additional implementation guidelines for relevant controls specified in ISO/IEC 27002;
- Additional controls with implementation guidelines specifically related to cloud services.
For suppliers and users
The ISO 27017:2021 standard has been developed for both providers and users of cloud services who have already set up their information management in accordance with the ISO 27001 standard. Building on ISO 27001, ISO 27017 describes specific risks and measures for providers and customers of cloud services. For example, the standard helps providers of cloud services to create trust in their services and supports customers of cloud services in achieving optimal security of cloud data together with their suppliers. The standard also describes what customers and suppliers can expect from each other.
Why ISO 27017 certification?
- More security for you and your customers/stakeholders;
- More clarity regarding safety and responsibility;
- Competitive advantage;
- Grip on data;
- Testing of ISO 27001 as the basis for ISO 27017.
Certification by Kiwa
Information is becoming increasingly valuable for many companies and organisations. Customer and production data is not only crucial for day-to-day operations, but can also have financial implications if not handled responsibly. Your information must therefore be secured. Kiwa has experts in the field of information security. They have extensive experience with certification processes in the field of ICT and information security in the most diverse sectors.