ISO 27017 Cloud Computing Consultants

FLANK ISO 27017 consultants provide industry leading expertise in helping organizations assess, adapt and implement, as necessary, security controls published within ISO/IEC 27017:2015 — Information technology — Security techniques — Code of Practice for Information Security Controls based on ISO/IEC 27002 for Cloud Services. In keeping pace with the changes in information technology and information security, ISO 27017 provides guidelines supporting the implementation of information security controls for cloud service customers and cloud service providers.

ISO 27017:2015 – A Useful Reference Model for Cloud Platforms

ISO 27017:2015 is essentially designed for organizations to use as a reference for selecting cloud services information security controls when implementing a cloud computing information security management system based on ISO/IEC 27002:2013. Additionally, ISO 27017: 2015 can also be utilized by cloud service providers as a guidance document for implementing commonly accepted protection controls.

Moreover, ISO 27017:2015 provides additional cloud-specific implementation guidance based on ISO/IEC 27002, and provides additional controls to address cloud-specific information security threats and risks referring to clauses 5 to 18 in ISO/IEC 27002: 2013 for controls, implementation guidance, and other information.

ISO 27017:2015 thus provides guidance on 37 controls in ISO/IEC 27002, along with including seven new controls that are not duplicated in ISO/IEC 27002, which are the following:

  • Shared roles and responsibilities within a cloud computing environment
  • Removal and return of cloud service customer assets upon contract termination
  • Protection and separation of a customer’s virtual environment from that of other customers
  • Virtual machine hardening requirements to meet business needs
  • Procedures for administrative operations of a cloud computing environment
  • Enabling customers to monitor relevant activities within a cloud computing environment
  • Alignment of security management for virtual and physical networks

In summary, ISO/IEC 27017 is unique in providing guidance for both cloud service providers and cloud service customers. It also provides cloud service customers with practical information on what they should expect from service providers.

ISO 27017, AWS, Azure, and Emerging Cloud Providers

With the continued growth of Amazon AWS, Microsoft Azure, along with many up-and-coming cloud service providers, the need for understanding and implementing relevant cloud-based security controls is vitally important. FLANK has years of experience working in the cloud, helping organizations in architecting viable solutions that meet both security and compliance solutions. If you’re operating in the cloud and looking to build and implement an Information Security Management System (ISMS), it’s therefore critical to review the relevant controls and subject matter within ISO/IEC 27017:2015 — Information technology — Security techniques — Code of Practice for Information Security Controls based on ISO/IEC 27002 for Cloud Services.

Proven AWS and Microsoft Azure Cloud Consultants

FLANK provides Microsoft Azure and Amazon AWS cloud implementation, consulting, strategy, and architecture services and solutions for small to medium size businesses throughout North America, Europe, and other select locations. Both Azure and AWS are the two true heavyweight providers of cloud services, offering a wide-range of solutions for business of all sizes, industries, and sectors. Additionally, both Azure and AWS are investing billions of dollars in infrastructure, effectively solidifying themselves as the true providers of cloud services. FLANK’s services for Azure and AWS consist of the following:

Cloud Assessment and Strategy Solutions

FLANK’s cloud consulting, strategy, and architecture solutions for Azure and AWS are available for the SMB market in both North America and Europe. Our philosophy on cloud consulting is simple: Small enough to care, but large enough to get the job done.

Selection and Implementation of Cloud Based Tools

Both Azure and AWS offer almost a dizzying array of products and services, often making it a real challenge in terms of determining which solution to use, and them implementing them. What you need is a trusted cloud consultant who in helping your business select the proper tools, while also providing implementation and technical support throughout the entire process, and that’s FLANK. Moving to the cloud, while without question a smart decision in terms of cost-savings and efficiency, “can” be a challenging proposition without the proper guidance and expertise.

Information Security Policies and Procedures

Documentation is critical for today’s growing compliance mandates, and its why businesses all throughout the globe turn to FLANK as we offer comprehensive, easy-to-use, and implement InfoSec policies and toolkits. Name the regulation/standard/framework – PCI DSS, HIPAA, FISMA, ISO 270001/27002 – and we’ve got you covered with prescriptive documents available for immediate download today. Visit flank.org to learn more. Save yourself hundreds of hours and thousands of dollars by downloading documentation necessary for today’s compliance mandates.

Download the ISO 27001/27002:2013 All-in-One Toolkit

Researched and authored by industry leading ISO and InfoSec security experts, FLANK’s ISO 27001/27002: 2013 All-in-One Toolkit contains more than 534 pages of information security and operational specific policies, procedures, forms, checklists, templates – and more – documentation that maps directly to the actual ISO 27002: 2013 controls – an industry first! You’ll receive a complete set of MS Word policy and procedures templates for each of the ISO 27002:2013 security control clauses, along with numerous supporting policies and procedures for supporting the underlying ISO 27000 series of controls. Developing an Information Security Management System (ISMS) is now easier than ever, thanks to the ISO 27001/27002: 2013 Toolkit from FLANK. View the product data sheet to learn more.

The Leading Source for ISO 27000 Consulting & Documents

Contact FLANK today at This email address is being protected from spambots. You need JavaScript enabled to view it. to learn more about our comprehensive consulting services for ISO 27000 series of publications (i.e., ISO 27001, 27002, 27005, 27017, 27032, and more), along with the very best InfoSec policy templates and toolkits found anywhere today. The world is awash with cybersecurity and regulatory compliance challenges, and FLANK stands ready to assist organizations today. Visit flank.org to learn more about our products and services.