ISO 27017 provides guidelines for information security controls applicable to providing and using cloud services. It provides additional controls with implementation guidance specifically related to cloud services, helping showcase your company's commitment to ISO guidelines for cloud security.
Who should be ISO 27017 compliant?
- For SaaS companies that are ISO 27001 certified, adding 27017 shows that you comply with ISO best practices for cloud security.
Why should my company be ISO 27017 compliant?
- ISO is the leading, formally certifiable, general-purpose privacy standard. ISO 27017 helps showcase your company's commitment to ISO guidelines for cloud security.
What is the timeline for ISO 27017 compliance?
- Approximately 40 hours. Remember that a company must also be ISO 27001 certified to achieve ISO 27017 compliance.
What can Vanta automate?
- Vanta will provide automated tests and evidence for ISO 27017 compliance.
Does ISO 27017 compliance require a formal audit?
- No, this certification does not require a formal audit, but a company must be ISO 27001 certified. The ISO 27001 compliance does require a formal audit. Most companies will align their compliance efforts with ISO 27001 and 27017 and perform the audits together.
What is the complexity when compared to other popular standards?
- ISO 27017 is much less complex and rigorous than SOC 2, and organizations will typically audit ISO 27017 controls as part of their annual ISO 27017 certification audit.
Updated