ISO 27017 provides Cloud security guidelines for both cloud customer and cloud service provider. The document can be used as an implementation, audit, service, project and IT change guide.
In ESA, we have a formal methodology to fulfill and implement ISO 27017 cloud security requirements.
We bring our world-class experience in delivery ISO-IEC 27017 implementation leading to successful certification.
In this phase we determine your business in line with Cloud. Questions such as what are the applications, services that are involved here. If you are a service provider, we determine whether you are SAAS, PAAS, or IAAS. This helps in determining which are the applicable areas to cover.
This phase helps in determining the configuration in scope, in one hand, and determining the applicable requirement and their implementation maturity.
This phase ends with the following deliverables:
1. Applicable requirements
2. Status of each requirement
3. Recommendations – Technical and process to fulfill the gaps
This phase involves setting up applicable policies and support in implementation of gaps.
This phase involves tracking the client risks, technical controls, and documentation on a weekly basis till all internal controls are adequately implemented.
This phase involves showcasing client with changes in a given period by providing change specific score of compliance between 0 -100% compliance.
This phase involves verifying the governance system created for the organisation is well in place and ready to declare as ISO 27017 compliant.
At this stage the client has implemented the governance system in completeness.