ISO 27017 Protection of Personal Data in Cloud Computing

With our help, you will implement ISO 27017

  • Certificate with guaranteed certification
  • Fast implementation
  • Tailored to your company's needs
  • No unnecessary paperwork

Over 5,000 small, medium, and large companies have trusted us over 25 years.


Implementation Methodology

Discover our unique implementation methodology that guarantees successful certification.

ISO/IEC 27017 – Practical guidelines for information security based on ISO/IEC 27002 for cloud services. ISO/IEC 27017 provides guidance on the 37 control areas in ISO/IEC 27002 and introduces seven new control areas not previously included in ISO/IEC 27002. Furthermore, the requirements set out in the document are not limited solely to technology providers, but also define the relationship between the provider and the customer, taking into account a holistic approach to the implementation of cloud computing services within an organisation.
Step 1: Audit
A customer using cloud services should agree with the service provider on an appropriate division of information security responsibilities and obligations, and these responsibilities should be specified in contracts. The scope of the audit includes an analysis of the requirements of ISO/IEC 27001 and ISO/IEC 27002 in terms of compliance with ISO/IEC 27017:
  1. Information security policies
  2. Information security organisation
  3. Human resources security
  4. Asset management
  5. Access control
  6. Cryptography
  7. Physical and environmental security
  8. Operational security
  9. Communication security
  10. System acquisition, development and maintenance
  11. Relations with suppliers
  12. Information security incident management
  13. Information security aspects of business continuity management
  14. Compliance
Step 2: Stage two
In stage two, procedures and policies compliant with the ISO/IEC 27017 standard will be developed:
  1. Shared roles and responsibilities in a cloud computing environment
  2. Deletion of a cloud service customer’s resources
  3. Segregation in virtual computing environments
  4. Virtual machine security
  5. Administrator operational security
  6. Monitoring of cloud services
  7. Adaptation of security management for virtual and physical networks
Step 3: Training
Conducting training on the ISO/IEC 27017 standard:
  1. context, purpose and scope of ISO/IEC 27017
  2. structure of the ISO/IEC 27017 standard
  3. implementation of security measures under ISO/IEC 27017 and integration with ISO/IEC 27001
  4. typical information security threats relating to personal data processed in the cloud
Step 4: System review
We conduct internal audits. We assist in developing information security objectives and in carrying out a management review.
Step 5: Advisory support
We help select a certification body and support you during the certification process.

What We Provide to Our Clients

  • Guarantee of obtaining certification
  • Development of all procedures and instructions
  • Fast and efficient implementation
  • Training confirmed with certificates

Information about ISO 27017

Who is it for?

The ISO 27017 standard – based on ISO 27001 (which standardises information security management systems) – was developed for the benefit of all organisations (regardless of the nature of their activities, size or legal form) that provide cloud services. These include:

  • private companies,
  • public institutions,
  • government bodies,
  • non-profit organisations.

The ISO 27017 standard concerns information security in cloud computing in the broadest sense. It therefore also includes recommendations for service recipients. It enables the security of the relationship between the provider and customers to be defined.

A prerequisite for obtaining ISO 27017 certification is existing or concurrent certification of an information security management system compliant with ISO 27001.

Information about the standard

ISO 27017 (formally ISO/IEC 27017, as it is also a standard of the International Electrotechnical Commission) is an international standard providing guidance on the provision and use of cloud computing services. It is based on ISO 27002 (which sets out principles for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security management systems), but extends its guidelines and introduces seven new control areas concerning:

  • responsibilities in the relationship between the cloud service provider and the customer,
  • the deletion (or return) of information following the termination of the relationship,
  • the separation and protection of the customer’s virtual environment,
  • the configuration of virtual machines,
  • procedures and actions taken in connection with cloud data processing,
  • the monitoring of customer activity when using cloud services,
  • the adaptation of the virtual network and cloud computing environment to ensure the highest security standards.

The ISO 27017 standard is unique in the field of information technology, as it sets out requirements not only for providers but also for customers of cloud services. This helps to reduce the risk arising from the particularly wide range of threats to which data stored in the cloud is exposed.

Benefits of implementation

Implementing the ISO 27017 standard enables an increase in the security level of information stored and processed in the cloud. It also allows for continuous verification and rapid response to potential threats. A company that opts for ISO 27017 certification can expect an increase in trust from customers and business partners who want a guarantee that their data (including personal data) is well protected.

ISO 27017 certification has a very positive impact on a company’s image, thereby increasing its growth potential. By implementing the highest standards of information security in cloud computing, a company gains:

  • the opportunity to operate in global markets where ISO 27017 is a widely recognised standard,
  • a competitive advantage in marketing activities – certification sets the company apart from those that have not implemented ISO 27017,
  • protection of the company’s reputation, which, in the event of information security breaches (particularly involving customers’ personal data), is particularly vulnerable to the spread of negative publicity.

Although the implementation of ISO standards is not a legal obligation, a breach of personal data protection is subject to criminal liability. As ISO 27017 ensures that information security procedures comply with applicable regulations, the application of the practices described in the standard minimises the risk of potential penalties.

Testimonials

See what our clients say about our implementations

Philips
"PHILIPS POLSKA SP. Z O.O., headquartered in Warsaw, is pleased to recommend the consulting services provided by DJB Doradztwo Marcin Chorąży.

The work carried out by DJB Doradztwo fully met our quality expectations. It was individually tailored to the needs and specific nature of our organization, as well as to the expectations we had defined. The consultant assigned to the project demonstrated the appropriate competencies and extensive knowledge of the ISO 9001:2015 standard, and was always available to offer help and advice whenever needed."
PHILIPS POLSKA SP. Z O.O.
Wojewódzki Specjalistyczny Szpital im. M. Pirogowa w Łodzi
On behalf of the Wojewódzki Specjalistyczny Szpital im. Pirogowa, I recommend DJB Doradztwo Marcin Chorąży as a firm that prepares organizations for the implementation of a Quality Management System in accordance with the requirements of the ISO 9001:2015 standard. We began our cooperation with DJB Doradztwo in 2017 and continue it to this day. The scope of our collaboration focused on issues related to the implementation of the system. The consultant working with our hospital demonstrated extensive subject matter expertise and conveyed a great deal of valuable information regarding the requirements of the standards, their application, and the principles of conducting the internal audit process in an accessible and engaging manner. In our opinion, DJB Doradztwo Marcin Chorąży is a reliable and highly recommended contractor for the implementation of the ISO 9001:2015 system.
Director of the M. Pirogov W.S.S., Roman Bocian, MD, PhD
CONTROL SYSTEM FMN
CONTROL SYSTEM FMN Sp. z o.o. collaborated with DJB Doradztwo on the comprehensive adaptation of the ISO 9001:2009 system to the requirements of the new ISO 9001:2015 standard. DJB Doradztwo undertook to perform all necessary activities to enable our company to obtain the ISO 9001:2015 certificate, in particular: The employees of DJB Doradztwo performed their tasks in a professional manner. The company is characterized by timeliness and flexibility in problem-solving, as well as respect for the Client's interests.
The Director, Bożena Zawalska
Urząd Lotnictwa Cywilnego
Urząd Lotnictwa Cywilnego is delighted to recommend the services of DJB Doradztwo Marcin Chorąży in the area of implementing the new ISO 9001:2015 quality management system standard. All of the consultant's activities were tailored to our specific needs and expectations. The consultant demonstrated extensive knowledge of the ISO 9001:2015 standard, which enabled him to suggest many valuable solutions. The documentation was prepared with care and precision. The training sessions conducted as part of the implementation were engaging and allowed us to gain a deeper understanding of the requirements of the new ISO 9001:2015 standard.
Director of the CEO's Office, Magdalena Kapuśniak