ISO/IEC 27017:2015 Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
We have a suite of services to help clients manage cloud security. Each offering relates to specific controls that help manage specific cloud risks. Here we clarify what the different assessment schemes offer to support our positioning.
ISO/IEC 27017
ISO/IEC 27017 is an international code of practice for cloud security controls. It outlines cloud-specific controls to manage security, building on the generic controls described in ISO/IEC 27002. It is applicable to both Cloud Service Providers (CSPs) and organizations procuring cloud services. It helps outline roles and responsibilities for both parties, ensuring all cloud security concerns are addressed and clearly owned.
CSA STAR Certification
CSA STAR certification is based on a different control set that was created by and is owned by the Cloud Security Alliance (CSA), a global industry body pioneering research and development in cloud security. The controls for CSA STAR certification are mapped to a number of other standards, making it a useful tool for organizations wishing to review their compliance against a wide range of standards and industry best practices (including ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018).
This standard is regularly reviewed by an expert panel in the CSA to ensure it is up to date with industry best practice. It also contains a management capability (maturity model) to help organizations continually drive improvement and aim to enhance their cloud security.
InfoSec & Quality Standards Implementation and Audits
We assist organisations in:
- Implementing various standards for Information Security and Quality.
- Second and Independent Third Party Audits
- Compliance Audits
- Relevant Trainings for End Users and Management
- Providing SMEs onsite
- Guaranteed certification audit success