ISO 27017 is an addition to ISO 27001, that was released in 2015.

ISO 27017 is relevant for providers and customers of cloud services

The ISO 27017 add-on provides implementation guidelines for 37 annex A controls, suitable for both cloud service providers and/or customers.

Next to that, it introduces seven new controls, the numeration of these controls is compatible with the existing structure of Instant 27001.

  • CLD.6.3.1 Shared roles and responsibilities within a cloud computing environment
  • CLD.8.1.5 Removal of cloud service customer assets
  • CLD.9.5.1 Segregation in virtual computing environments
  • CLD.9.5.2 Virtual machine hardening
  • CLD.12.1.5 Administrator’s operational security
  • CLD.12.4.5 Monitoring of cloud services
  • CLD.13.1.4 Alignment of security management for virtual and physical networks

Add-ons are delivered as a separate Confluence space backup. They can be merged into Instant 27001 using the provided instructions.


  • ISO 27017 add-on: € 995 (for existing Instant 27001 clients)
  • Instant 27001 + ISO 27017 add-on: € 2990

Excluding applicable taxes (read more)

Start your ISO 27001
journey today!

Order now   Book a demo