ISO/IEC 27017
Prove cloud-specific security with ISO/IEC 27017, alongside ISO 27001.
Cloud Controls Gap
Against 27017's additional cloud controls
Within Your Audit
Assessed inside the ISO 27001 audit
Certificate Scope
Cloud assurance added to your certificate
Cloud Assessors
Cloud security specialists
What it is
ISO/IEC 27017 is a code of practice that extends ISO/IEC 27002 with cloud-specific security guidance for both providers and customers, clarifying shared responsibilities and virtualisation hardening. It is implemented alongside an ISO 27001 ISMS and removes the ambiguity over who secures what between you and your cloud provider.
Who must comply
Cloud service providers (SaaS, PaaS, IaaS) and heavy cloud consumers whose customers demand cloud-specific assurance beyond a plain ISO 27001 certificate.
How IntelligenceX helps
Frequently Asked Questions
Not separately. 27017 is assessed as an extension to your ISO 27001 certification scope, referenced on your certificate and audit report.
27017 covers cloud security controls; 27018 covers protection of personal data in public clouds. Most providers implement both together.
If you already run an ISO 27001 ISMS, 27017 is an incremental layer: we assess the additional cloud controls, document the shared-responsibility model and fold it into your Statement of Applicability. It typically adds only a few weeks to the programme and is assessed within the same audit.