What is ISO 27017 and ISO 27018?

The ISO 27000 series is a family of standards covering information security. Annex A to ISO 27001 contains the control objectives and controls that an organization must consider when implementing its information security management system. The International Organization for Standardization (ISO) has written additional guidance documents for specific sectors.

ISO 27017 was written for organizations involved in cloud solutions, whether as a customer or as a service provider. It contains additional controls specifically in the area of cloud security.

ISO 27018 contains controls directed at cloud providers that process personal data.

Why?

Organizations working with cloud service solutions benefit from these additional controls since they are tailored to the delivery of cloud services. When these additional controls are included in the certification of an organization under ISO 27001, it demonstrates that the organization has made a maximum effort to offer its stakeholders the highest level of security.

ISO 27017 and ISO 27018 Certification

In a certification under ISO 27001, Brand Compliance will assess the additional controls as included in ISO 27017 and ISO 27018. If an organization has implemented these controls with demonstrable effectiveness, an additional certificate will be issued confirming that the organization fulfils the additional controls.

How does it work?

Brand Compliance may assess the ISO 27017 and ISO 27018 controls together with the regular ISO 27001 certification process. It is also possible to certify the additional controls later, as an extension of an existing ISO 27001 certification.