Information security is a crucial aspect, especially in the context of cloud computing. Within the ISO standards, specifically in the ISO 27000 series, you will find guidelines for effective information security. ISO 27001, as an information security management standard, includes in Annex A the objectives and measures that an organization should consider when implementing its information security management system (ISMS). Moreover, the International Organization for Standardization (ISO) has developed additional guidelines for specific sectors.

ISO 27017

ISO 27017

ISO 27017 was created specifically for organizations involved in cloud solutions, both as clients and service providers. This standard introduces additional security controls focused on ensuring cloud security.

ISO 27018

ISO 27018 focuses on cloud providers that process personal data. It includes detailed controls to ensure the privacy of personal data in the cloud.

Why are these standards important?

For organizations using cloud services, these additional controls are invaluable because they are specifically tailored to the nature of cloud services. By taking these additional controls into account during the ISO 27001 certification process, an organization proves its commitment to providing the highest possible level of assurance to its stakeholders.


During the certification process against ISO 27001, Brand Compliance also evaluates the additional controls specified in ISO 27017 and ISO 27018. If an organization demonstrates effective implementations of these controls, an additional certificate is issued to confirm that the organization complies with these additional controls.

How does it work?

The controls in ISO 27017 and ISO 27018 can be assessed in parallel during the regular ISO 27001 certification process. Organizations can also choose to certify these additional controls at a later stage, as an addition to their ISO 27001 certification.

By ensuring effective implementation of ISO 27017 and ISO 27018, organizations can not only improve their information security in the cloud, but also strengthen their credibility and trust with stakeholders.

For more information on ISO 27017 and ISO 27018, please contact us.

More information