ISO 27017 Certification

Cloud Services

Want to demonstrate the conformity of your Information Security Standards,
assure customers of the security of your systems, and win new business?
Our experienced ISO 27017 consultants can help.

What is ISO 27017?

Security standard developed for cloud service providers

In conjunction with ISO 27001, ISO 27017 provides enhanced controls for cloud service providers and cloud service customers. The Code of Practice clarifies both parties’ roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system.

ISO 27017 can be applied to organisations of all sizes that provide Cloud Services. Achieving certification provides independent assurance to your existing and potential Cloud Service customers and other interested parties that you have appropriate confidentiality, integrity and availability controls in place. It can also give you that vital edge over your competitors.

What are the benefits?

Improve your cloud services with UKAS accredited ISO 14001 certification

  • A core requirement for ‘doing business’ in both public and private sectors
  • Independently verifies that your cloud security risks are properly identified, assessed and managed
  • Assures clients that your organization can effectively deal with security incidents
  • Supports compliance with data protection regulations
  • Supports the maintenance of cloud security awareness of all relevant employees and contractors
  • Shows stakeholders the good governance controls and best practice processes implemented within your organisation
  • Provides a framework for meeting future regulatory requirements

How we can help

ISO 27017 gap analysis, certification, audit and management

Siguiente consultants will review your organisation’s current Cloud Services information security controls against the requirements of the ISO 27017 Standard, and work with you to develop a plan and implement the necessary controls to achieve compliance.

If required, our consultants will then assist you in ultimately achieving ISO 27017 certification.

Integrated Management Systems

Combining ISO 27017 with other ISO standards

Are you considering combined certification for ISO 27017 alongside other Standards such as ISO 27018 (Code of Practice for Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors), ISO 27701 (Privacy Information Management) or ISO 20000 (IT Service Management)? Do you already have certification to other ISO Standards and want to integrate ISO 27017 requirements with them?

Siguiente consultants specialise in this combined approach, that is, implementing Integrated Management Systems. For organisations that need to achieve two or more ISO standards, there are significant advantages in implementing these standards in parallel rather than taking a phased approach. In particular, the internal and external incremental costs can be significantly reduced. There are also significant resource economies to be achieved with projects addressing multiple ISO standards, e.g. one gap analysis, one implementation programme, less potential for duplication and more effective integration of your management systems. Maintenance of an integrated management system is also more efficient in terms of audits, management review, documentation and continued assessment.

How does it help with cloud security?

Industry best practice

In today’s climate, the confidentiality, availability and integrity of Cloud services are critical to the operation and survival of many businesses.

ISO/IEC 27017 is an extension to ISO/IEC 27001 Information Security Management. The Standard provides a code of practice for ensuring the appropriate security of your Cloud Services.

Siguiente consultants will review the current security controls for your Cloud Services, including current information security policies, procedures and practices, and examine their effectiveness.

Siguiente can then help your organisation to implement ISO 27017 compliant cloud security controls that are proportionate to your organisation and effective in the protection of your Cloud Services.

What happens next?

The certification process and maintaining certification

To find out more about our ISO 27017 certification process, please click here

If you already have ISO 27017 certification, please click here to find out more about how we can help you maintain and improve your existing information security management system.

Other information security services

Information Security Services Suite

In addition to ISO 27017 consultancy, we also provide a comprehensive service to assist organisations in achieving compliance and certification with the PCI DSS (Payment Card Industry Data Security Standard) including QSA Assessments, Cyber Essentials, DSP Toolkit submissions (for NHS Partners), Supply Chain Security Audits and Assessments, GDPR and Data Protection Consultancy and Physical Security Assessments.

Our knowledge and experience across a broad base of management and technical Standards make us uniquely equipped to help organisations to develop an information security management system and integrate with existing management systems to achieve all the associated economies and efficiencies in the system design, implementation and maintenance.

Why choose Siguiente?

Our ISO 27017 Experience

Since 2007, Siguiente consultants have been instilling absolute quality into the delivery processes of a huge range of organisations, from SMEs to large corporates. Our team of qualified professionals (including CISSP, PCI Security Standards Council QSA, MBCI, GDPR, IEMA, ESOS and CMIOSH qualified consultants) have developed and led UKAS accredited ISO and other standards-based service improvement programmes for private and public-sector organisations across the UK, EMEA, US and beyond, for businesses of 5 to over 20,000 people.

This experience, and the huge success of both the project delivery and maintenance phases of our standards-based practices, has been firmly based on two key principles: the ability of Siguiente consultants to look beyond the standard in question and identify, define and align with the real business drivers of our customers, and our innate ability to become one with our customers’ own management teams.

Who have we helped achieve ISO 27017 Certification?

ISO 27017 Clients

Our team of experienced information security consultants have helped an extensive array of organisations achieve ISO certification as part of a standalone ISO 27017 ISMS implementation or alongside other ISO and information security standards such as Cyber Essentials and PCI DSS. These organisations range from SMEs to large corporates as well as public and charitable organisations. To see some of our ISO 27017 clients, please visit our ‘Clients’ page.
