Who is responsible for cloud security?
Despite the importance of cloud services, there is a lack of confidence in the security of cloud service providers and their customers, with confusion over whose responsibility it is to protect the information that’s in the cloud.
The reality is, it’s both party’s responsibility. The cloud service provider’s (CSP) role is to mitigate the risk of an information security breach in the cloud and it’s the cloud service customer’s (CSC) responsibility to implement organisational information security controls and processes.
What is ISO 27017?
Within the ISO 27000 family of standards, ISO 27017 is a code of practice outlining additional information security controls, specifically for cloud service providers and their customers.
ISO 27017 certification from Lloyd’s Register (LR) clarifies both party’s responsibilities to help make cloud services as safe and secure as the rest of an organisation’s information. The standard provides cloud-based guidance on 37 of the controls in ISO 27002, but also features seven new cloud controls that address shared roles and responsibilities, the monitoring of cloud services activity, alignment of the security management of the virtual and cloud network environment and more.
Need help with ISO 27017
LR has built a portfolio of certification and assessment services to ISO 27001, which also includes a statement of verification for other information security standards: ISO 27017, ISO 27018 and ISO 27032.
We specialise in management system compliance and can provide certification services to ISO 27017 where we will issue you with a statement of verification. This is a public and independent statement of your organisation’s capability to protect your information stored in the cloud.
Why work with us?
In the UK, Lloyd's Register was the first certification body to become accredited by UKAS (United Kingdom Accreditation Service), the scope of which covers the delivery of certification and assessment services in any industry sector. This means you can be confident that we have the information security expertise to carry out your assessment, no matter what industry you work in.
At Lloyd's Register we make sure you’re assigned an assessor that is matched to your industry and business needs, aiding a thorough, value-added assessment. We add real value to your organisation by making appropriate recommendations to make sure your information stored in the cloud is protected.
Your business helps us to help others
At Lloyd's Register we’re not owned by shareholders, but by the Lloyd’s Register Foundation, a charity that supports engineering-related research, education and public engagement. The profits we generate help fund the Foundation's work, enabling us to stand by our vision that drives us every single day: working together for a safer world.