ISO 27017 cloud security certification

In today’s technology-lead world, cloud computing applications and platform solutions are integral to most organisations and how they operate. 

ISO 27017 is the information security best-practice framework for cloud service providers and their customers.  It enables them to implement information security processes and procedures to ensure information stored in the cloud is safe and secure.

Who is responsible for cloud security?

Despite the importance of cloud services, there is a lack of confidence in the security of cloud service providers and their customers, with confusion over whose responsibility it is to protect the information that’s in the cloud.

The reality is, it’s both party’s responsibility. The cloud service provider’s (CSP) role is to mitigate the risk of an information security breach in the cloud and it’s the cloud service customer’s (CSC) responsibility to implement organisational information security controls and processes. 

What is ISO 27017?

Within the ISO 27000 family of standards, ISO 27017 is a code of practice outlining additional information security controls, specifically for cloud service providers and their customers.

ISO27017 certification from Lloyd’s Register clarifies both party’s responsibilities to help make cloud services as safe and secure as the rest of an organisation’s information. The standard provides cloud-based guidance on 37 of the controls in ISO 27002, but also features seven new cloud controls that address shared roles and responsibilities, the monitoring of cloud services activity, alignment of the security management of the virtual and cloud network environment and more.

Need help with ISO 27017?

LR has built a portfolio of certification and assessment services to ISO 27001, which includes other information security family standards, such as ISO 27017, ISO 27018 and ISO 27032. 

We specialise in management system compliance and can provide certification services to ISO 27017 where we will issue you with a Statement of Verification. This is a public and independent statement of your organisation’s capability to protect your information stored in the cloud. 

Why work with us


In the UK, LR was not only the first certification body to become accredited by UKAS (United Kingdom Accreditation Service), but also holds accreditation to provide certification and assessment services in any industry sector.  This means you can be confident that we have the information security expertise to carry out your assessment, no matter what industry you work in. 

Technical expertise 

At LR we make sure you’re assigned an assessor that is matched to your industry and business needs, aiding a thorough, value-added assessment. We add real value to your organisation by making appropriate recommendations to make sure your information stored in the cloud is protected.

Helping others

At LR we’re not owned by shareholders, but by the Lloyd’s Register Foundation, a charity that supports engineering-related research, education and public engagement.   The profits we generate help fund the Foundations work and enabling us to stand by our vision that drives us every single day: working together for a safer world.