ISO 27017: 2015 - Cloud Security Implementation
ISO 27017: 2015
Overview
In Coral, we have a formal methodology to fulfill and implement ISO 27017 cloud security requirements.
Our Approach to Successful ISO-IEC 27017 Implementation
Project Phases
PHASE I Context Establishment
In this phase we determine your business in line with Cloud. Questions such as what are the applications, services that are involved here. If you are a service provider, we determine whether you are SAAS, PAAS, or IAAS. This helps in determining which are the applicable areas to cover.
PHASE II Gap Analysis
This phase helps in determining the configuration in scope, in one hand, and determining the applicable requirement and their implementation maturity.
This phase ends with the following deliverables:
1. Applicable requirements
2. Status of each requirement
3. Recommendations – Technical and process to fulfill the gaps
PHASE III Control Design and documentation
This phase involves setting up applicable policies and support in implementation of gaps.
PHASE IV Tracking
This phase involves tracking the client risks, technical controls, and documentation on a weekly basis till all internal controls are adequately implemented.
PHASE VPerformance Tracking
This phase involves showcasing client with changes in a given period by providing change specific score of compliance between 0 -100% compliance.
PHASE VIInternal Audit
This phase involves verifying the governance system created for the organisation is well in place and ready to declare as ISO 27017 compliant.
At this stage the client has implemented the governance system in completeness.
