ISO 27017

What’s 27017?

ISO 27017 is a standard that provides guidelines for information security controls for cloud services based on ISO 27002. It covers the implementation of additional controls and guidance for cloud service providers and customers, such as confidentiality, availability, and authenticity. It also clarifies the roles and responsibilities of both parties in ensuring the security of cloud data and systems. ISO 27017 is part of the ISO 27000 family of standards, which are widely recognized as best practices for information security management.

Process offered


The first step of the engagement, after signing the agreement. This helps Securis360 and the Client to understand the scope, objectives, timeline, methods, and roles for the testing.

A good plan is essential for a successful project. Securis360 follows standard procedures to ensure all the important aspects of the engagement are covered.

Understanding and kick off

The kick off marks the beginning of the engagement. Securis360 will set up a call before or at the start of the kick off to sort out any remaining issues. Securis360 will be ready to answer any questions from the client.

Securis360 makes sure to communicate before the testing and on-site visit begin, so that the project and team are stable and the client knows the plan.

Testing and Gathering

The main part of the compliance engagement is testing and gathering. This phase will involve collecting the evidence required for the goals agreed upon during the planning and understanding processes.

Securis360 has a policy of no surprises and keeps in touch with the stakeholders throughout the testing and gathering activities. Moreover, Securis360 will start preparing the draft deliverable to deliver it to the Client quickly after this phase.


The final step of Securis360’s testing method is reporting, but the whole assessment aims to produce a deliverable that is clear, concise, and accurate.

Securis360’s report considers the whole process and tailors a report for each client. The draft report will be delivered at the end of the testing and gathering phase, and the final report will be delivered after the completion of the complete process.