At Coral, we follow a formal methodology to fulfill and implement ISO 27017 cloud security requirements.
In this phase we determine how your business relates to the cloud, asking questions such as which applications and services are involved. If you are a service provider, we determine whether you are SaaS, PaaS, or IaaS. This helps determine which areas are applicable and need to be covered.
This phase determines, on the one hand, the configuration in scope and, on the other, the applicable requirements and their implementation maturity.
This phase ends with the following deliverables:
1. Applicable requirements
2. Status of each requirement
3. Recommendations – technical and process measures to close the gaps
This phase involves setting up the applicable policies and supporting the work of closing the gaps.
This phase involves tracking the client's risks, technical controls, and documentation on a weekly basis until all internal controls are adequately implemented.
This phase involves showing the client the changes made in a given period by providing a change-specific compliance score between 0 and 100%.
This phase involves verifying that the governance system created for the organisation is in place and ready to be declared ISO 27017 compliant.
At this stage the client has fully implemented the governance system.