ISO/IEC 27017 Cloud Service Information Security Management System

Improve cloud service usage specifications and enhance data protection in cloud environments

 

Organizations around the world are increasingly aware of the business value that cloud computing brings and are taking steps to transition to the cloud due to the flexibility, continuity, and scalability that cloud services offer. One of the main challenges of cloud computing is how to address the security and privacy concerns of enterprises planning to adopt it and the cloud service providers (CSPs) that implement it.

ISO/IEC 27017 is an international standard for securing cloud services that defines specific requirements for CSPs. ISO/IEC 27017 builds on the controls defined in ISO/IEC 27001, adding controls and implementation guidance specifically designed to help businesses securely set up and use cloud services to protect information stored and/or processed in the cloud. The ISO/IEC 27017 standard works in conjunction with the ISO/IEC 27001 family of standards to provide enhanced controls for cloud service providers and cloud service customers. Unlike many other technology-related standards, the ISO/IEC 27017 standard sets out the roles and responsibilities of both parties in helping to ensure that cloud services are as secure and reliable as other data contained in certified information management systems.

As the global use of cloud technology continues to grow, enterprises must strategically consider the risks of storing protected information and explore security options to protect their information systems. There are multiple security standards available to cloud service providers and users to protect cloud-based environments and to minimize the potential risk of security incidents. ISO/IEC 27017 provides value to businesses moving data to and/or sharing data in the cloud (including CSPs).

Service Content

The ISO/IEC 27017 standard allows organizations to work on long-term goals. By having an internationally standardized framework to build their cloud security, after internalization of requirements, organizations will be able to reduce operational and reputational risks and work toward a sustainable future. The standard broadly covers the following subjects: asset ownership, recovery measures in the event of CSP dissolution, disposal of assets with sensitive information, segregation and storage of data, security management adjustments for virtual and physical networks, etc. The standard can help cloud providers identify important security aspects while identifying suitable partners.

The ISO/IEC 27017 standard is a unique technical standard that addresses the business needs of customers and cloud service providers. ISO/IEC 27017 is designed to help recommend and implement controls for cloud-based organizations. It is relevant not only to organizations whose information is stored in the cloud, but also to providers of cloud-based services to other companies that may have sensitive information. Meeting this standard will help businesses build trust with customers and other stakeholders, demonstrating a competitive advantage.

Related Standards

○ ISO/IEC 27001-2013 Information Technology - Security Technology - Information Security Management System - Requirements
○ ISO/IEC 27002-2022 Information Security, Cybersecurity and Privacy Protection Information Security Control
○ GB/T 37724-2019 Information technology-Industrial cloud service-Capabilities general requirements
○ GB/T 37738-2019 Information technology-Cloud computing-Cloud service quality evaluation indicator

Value Gain

○ Provide customers and stakeholders with greater confidence in the security of their data and information;
○ Provide a competitive advantage and demonstrate robust controls over data protection;
○ Protect brand reputation and reduce the risk of negative publicity caused by data leakage;
○ Ensure compliance with local regulations and reduce the risk of fines for data breaches;
○ Provide general guidelines covering different countries to facilitate doing business globally and gaining opportunities as a preferred supplier.

Service Process

Q&A
 
How long does the system need to run before applying for certification?
Before applying for certification, the system must have been running for at least 3 months.
After obtaining the certificate, how can its authenticity and validity be queried?
The authenticity and validity of the certificate can be queried by logging into the NOA website (www.noagroup.com) and selecting "certificate / report query" in the "resource center", or by logging into the national certification and accreditation information public service platform (http://cx.cnca.cn).
After obtaining the certificate, how long is the certificate valid? Is it necessary to review every year?
After obtaining the certificate, the validity period of the certificate is 3 years, and at least one on-site audit is required every year to keep the certificate valid.
What to do after the expiration of the certificate?
Before the expiration of the certificate, we will arrange for a customer service specialist to contact you and assist you in handling matters related to your recertification application.
Our Advantage
Authoritative Qualification
NOA has been approved by Certification and Accreditation Administration of the People’s Republic of China (CNCA) (CNCA-R-2002-051), and has obtained qualification of China Inspection Body and Laboratory Mandatory Approval (CMA), and has passed the multiple approvals of China National Accreditation Service for Conformity Assessment (CNAS), International Accreditation Service (IAS), United Kingdom Accreditation Service (UKAS), Joint Accreditation System of Australia and New Zealand (JAS-ANZ). NOA|Noah has been approved by State Administration for Market Regulation of China, and has been recognized as inspection and testing institution of China's special equipment, as well as the qualification of China's national equipment supervision and engineering supervision. NOA-DCI is the notified body of the CE directive of the European Commission. NOA has been recognized by the International Electrotechnical Commission (IECQ) by obtaining Electronic Component Quality Assessment System. It is also a national inspection and assessment notified body of import and export commodity in China. NOA is a high-tech enterprise in Shanghai.
Improve Performance, Realize Asset Value Appreciation, and Service Throughout the Entire Value Chain
From pre-design to post-operation, NOA has the ability to guarantee the whole life cycle of the business. NOA, as an independent third-party inspection company, is proficient in a large number of domestic and international standards and specifications in design, welding, non-destructive testing, painting, packaging and other fields. The experienced team of professional engineers and inspection experts, with more than ten years of experience in the domestic market, is familiar with all aspects of the domestic industrial equipment supply chain and can provide you with timely technical support services across the full life cycle. By combining its inspection, certification, testing, consulting, and auditing services, NOA can provide you with one-stop comprehensive services.
Quality, Efficiency and Service
NOA has formed a mature and solid operation system in the development of more than 20 years. We let technical experts who are familiar with market regulations and testing standards and have professional industry experience to carry out inspection, evaluation and design review work. While meeting the requirements of domestic and international standards, we ensure that customers can obtain satisfactory service results in the first time with accurate time-sensitive management methods, and ensure that customers can seize the opportunity in the market competition.
Service Area
NOA inspection services currently cover Europe, Australia, Russia, some Middle East regions and most regions in China. NOA can ensure the consistency and continuity of customer service in different regions, and eliminate the impact of unfamiliar environments on customer quality. The guarantees and the impact of project implementation enable customers to participate in different markets across the country or around the world with flawless quality.

Tel:+86-400 821 5138

Fax:+86-21 3327 5843

Email:noa@noagroup.com
