Our Expertise in Cloud Security Certifications

Experience in implementing security for Cloud Service Providers

In the last five years we have helped top software and telecom providers in US in implementing and certifying their cloud service offering based on the ISO 27001:2022 and ISO 27017:2015.

100% Success Rate in certifying Security Management Frameworks

Our success helping companies implement integrated management systems based on ISO 27001, ISO 27017 and NIST CSF is built on our ongoing capacity to bring the right expertise to the task and on setting up clear objectives for the integration.

Comprehensive Risk Assessment for Cloud Service Customers

We provide our clients with a systematic and iterative risk management methodology specific for cloud security deployment tailored to your business priorities.

The ISO 27017:2015 Certification

All major IT systems providers are already offering deals enabling organizations to move into the cloud at low transition costs, with full data redundancy, faster access and more. However, from the perspective of information security, there is an ongoing concern as to whether your data is being handled with sufficient care and attention during cloud migration projects.

Key Requirements

The provider must protect and separate the customer’s (CSC) virtual environment from that of other customers and external parties.

Agreement on shared or divided responsibilities between the customer and provider around information security roles associated with cloud services must be clearly laid out, recorded and communicated.

The cloud service customer (CSC) must determine how assets are returned or removed from the cloud upon termination of the contract/agreement between the customer and provider

The customer and provider must ensure virtual machines are configured and hardened to meet the needs of the organization.

Consistent configurations should be made so that the virtual network environment is in line with the information security policy of the physical network.

How the capabilities of the provider enable the customer to monitor activity within a cloud computing environment

The CSP is required to share documentation about critical operations and procedures as and when customers require it.

Why Getting ISO 27017 Certified

To help align your information security with your operational objectives, you have implemented and certified your security management system using an industry standard such as ISO 27001:2022.
The ISO 27017:2015 certification takes advantage of an existing ISO 27001:2022 implementation while helping mitigate the risks associated with both the technical and operational features of cloud services.
The ISO 27017:2015 standard identifies additional controls to be implemented within the existing framework of ISO 27001:2022 to manage security concerns related to asset and service virtualization, networking and the protection of organizational records.

Next Steps

Establish the scope of your Cloud Security Certification in alignment with the requirements of the ISO 27001:2022 Standard.

Identify and evaluate relevant operational risks associated with the Cloud services in-scope;

Perform a gap analysis of the current system as compared to ISO 27017:2015 requirements;

Document the gap assessment results, implement or update necessary controls;

Seratos provides comprehensive support for achieving the Cloud Security certification you need. Contact us and we will schedule an intro call with one of our consultants to find out more about how we can help.