ISO/IEC 27017:2015 gives guidance on information security controls that apply to the provision and use of cloud services. It adds implementation guidance for the relevant controls in ISO/IEC 27002 and introduces further controls, with their own implementation guidance, that are specific to cloud services. It is a code of practice rather than a certifiable management-system standard in its own right: organisations typically adopt it as an extension of an ISO/IEC 27001 information security management system.
What does IEC stand for in the standard?
IEC stands for the International Electrotechnical Commission. Together, ISO and IEC form the specialised system for worldwide standardisation. National bodies that are members of ISO or IEC contribute to the development of International Standards through technical committees established by the respective organisation to deal with particular fields of technical activity.
What the IEC does
The International Electrotechnical Commission (IEC) is a global, not-for-profit membership organisation whose work underpins quality infrastructure and international trade in electrical and electronic goods. Its work promotes technological innovation, affordable infrastructure development, efficient and sustainable energy access, smart urbanisation and transportation systems, climate change mitigation, and greater human and environmental safety. The IEC has published approximately 10,000 IEC International Standards which, together with conformity assessment, provide the technical framework that allows governments to build national quality infrastructure and businesses of all sizes to buy and sell consistently safe and reliable products.
The IEC’s Strategy
Some of the IEC's strategic objectives are as follows:
- Commercial and societal relevance:
  - Responding effectively to market and societal needs.
  - Bringing all essential stakeholders together.
  - Providing new ways to collaborate with other organisations.
- Sustainable business model:
  - Inspiring confidence in, and global adoption of, the IEC brand.
  - Ensuring long-term stability through a varied and sustainable revenue mix.
  - Putting in place solid legal underpinnings for the entire business model.
- Organisational adaptability:
  - Creating a transparent governance system that considers both opportunities and challenges.
  - Ensuring that IEC work is applicable and used worldwide.
  - Representing all important interests at all levels.
  - Attracting the best leaders and experts from around the world.
- Agile operations:
  - Embracing new ways of working.
  - Developing procedures and operations that are adaptable, efficient, and cost-effective.
  - Providing up-to-date IT tools.
ISO/IEC 27017:2015 advantages for cloud customers
Cloud usage is increasing as organisations realise the benefits it can provide, such as greater agility, continuity, and scalability. For an organisation to succeed with the cloud, however, individual roles and responsibilities must be clearly defined. This was widely acknowledged by the industry participants who took part in developing ISO/IEC 27017:2015, which expects both cloud service providers and the organisations acquiring their services (cloud customers) to define and document their respective roles and responsibilities. A practical check for a cloud customer is to confirm that each control in the standard has a named owner, whether the provider, the customer, or both, and that the split is reflected in the service agreement rather than assumed.
Cloud customers face significant obstacles
Even in the cloud, outages, interruptions, breaches, and disasters remain a reality. ISO/IEC 27017:2015 addresses cloud customer concerns ranging from legal and regulatory requirements to intellectual property rights and record retention. From a legal standpoint, it is vital that you can demonstrate due diligence and a standard of care. This is especially important when you need to produce digital evidence or other material from the cloud computing environment, since the customer usually has no direct access to the provider's infrastructure and must rely on what the provider has agreed to preserve and hand over. Adopting ISO/IEC 27017:2015 as a best-practice framework can help you be prepared if you face a forensic investigation or a dispute over information protection. Offering or adopting the cloud can still bring confusion and anxiety. Any firm that has entrusted sensitive customer data to a third party has found that there are grey areas in which rights and duties are not clearly defined. Much has been based on trust, which is not always the best long-term strategy for success, especially now that ISO/IEC 27017:2015 makes those obligations explicit.
Microsoft, Office 365, and ISO/IEC 27017:2015
The ISO/IEC 27017:2015 standard is unusual in that it provides recommendations for both cloud service providers and cloud service customers. It also gives cloud service customers useful information about what to expect from cloud service providers. Customers can benefit immediately from ISO/IEC 27017:2015 by understanding their shared obligations in the cloud. Microsoft Office 365 is a multi-tenant, hyper-scale cloud platform that provides a unified experience of applications and services to users in many regions across the globe. For most Office 365 services, customers can specify the geographic area in which their customer data is stored. Microsoft may replicate customer data to other regions within the same geographic area for data resiliency, but will not replicate customer data outside the designated geographic area. When relying on a provider's conformance claims, customers should confirm which services and regions fall within the scope of the provider's certification before treating them as covered.
Conclusion
You have real obligations in the cloud, and by implementing the ISO/IEC 27017:2015 controls you can better protect your organisation from potentially damaging legal and regulatory exposure. By taking your cloud obligations seriously, you strengthen your organisation's resilience and protect its most valuable assets.
WWISE achieves excellence by driving our clients' success through ISO standards. We help organisations embed resilience, allowing them to grow sustainably, adapt to change, and thrive over time.
For more information on ISO/IEC 27017:2015 contact WWISE, today on 08610 99473 or 021 525 9159 or visit our website: https://www.wwise.co.za.