ISO 27017 provides guidelines for information security controls applicable to the provision and use of cloud services by providing additional controls with implementation guidance specifically related to cloud services. ISO 27017 helps showcase your company's commitment to ISO guidelines for cloud security. 

 

Who should be ISO 27017 compliant? 

  • For SaaS companies that are ISO 27001 certified, adding 27017 shows that you comply with ISO best practices for cloud security.

 

Why should my company be ISO 27017 compliant?

  • ISO  is the leading, formally certifiable, general-purpose privacy standard. ISO 27017 helps showcase your company's commitment to ISO guidelines for cloud security. 

 

What is the timeline for ISO 27017 compliance? 

  • Approximately 40 hours. Keep in mind that to achieve ISO 27017 compliance, a company must also be ISO 27001 certified.

 

What can Vanta automate?

  • Vanta will provide automated tests and evidence for ISO 27017 compliance.

 

Does ISO 27017 compliance require a formal audit?

  • No, this certification does not require a formal audit, but a company must be ISO 27001 certified. The ISO 27001 compliance does require a formal audit. Most companies will align their compliance efforts with ISO 27001 and 27701 and perform the audits together. 

 

What is the complexity when compared to other popular standards?

  • ISO 27017 is much less complex and rigorous than SOC 2, and organizations will typically audit ISO 27017 controls as part of their annual ISO 27001 certification audit.