Information Security Controls
ISO 27017: 2015
Overview

ISO 27017 provides Cloud security guidelines for both cloud customer and cloud service provider. The document can be used as an implementation, audit, service, project and IT change guide.

In Coral, we have a formal methodology to fulfill and implement ISO 27017 cloud security requirements.

Our Approach to Successful ISO-IEC 27017 Implementation

We bring our world-class experience in delivery ISO-IEC 27017 implementation leading to successful certification.

PHASE I - Context establishment

In this phase we determine your business in line with Cloud. Questions such as what are the applications, services that are involved here. If you are a service provider, we determine whether you are SAAS, PAAS, or IAAS. This helps in determining which are the applicable areas to cover.

PHASE II - Gap Analysis

This phase helps in determining the configuration in scope, in one hand, and determining the applicable requirement and their implementation maturity.

This phase ends with the following deliverables:
1. Applicable requirements
2. Status of each requirement
3. Recommendations – Technical and process to fulfill the gaps

PHASE III - Control Design and documentation

This phase involves setting up applicable policies and support in implementation of gaps.

PHASE IV - Tracking

This phase involves tracking the client risks, technical controls, and documentation on a weekly basis till all internal controls are adequately implemented.

PHASE V - Performance Tracking

This phase involves showcasing client with changes in a given period by providing change specific score of compliance between 0 -100% compliance.

PHASE VI - Internal Audit

This phase involves verifying the governance system created for the organisation is well in place and ready to declare as ISO 27017 compliant.

At this stage the client has implemented the governance system in completeness.

We support you in all the above phases to Cloud Security - ISO 27017.
Call or write to us at :
for proposal / roadmap / information