ISO 27017 and ISO 27018 Certification

Comprehensive services for your cloud security

Many people rely on cloud services for storage space, computing power or even application software in their everyday lives. In addition to the conveniences the cloud offers, however, there are risks, such as unauthorized access to personal data that can result in its loss or compromised integrity. User demands on the security of cloud services are therefore particularly high.

Our experts offer cloud service providers comprehensive security support with two certifications: ISO 27017 and ISO 27018. ISO 27017 certification demonstrates cloud service security to users, while ISO 27018 certification ensures that personal data is processed securely.

About ISO 27017 and ISO 27018 certification

Just a few steps to cloud certification
ISO 27017 and ISO 27018, both based on ISO 27001, have been specially adapted to the specific requirements of cloud service providers. ISO 27017 is primarily concerned with the relationship between providers and their customers. As part of the ISO 27017 audit, our experts help you identify key security elements that improve the quality and reliability of your cloud services.
ISO 27018 specifically addresses the requirements of data protection law. The focus here is mainly on the processing of personal data within the cloud.
Certification is based on ISO 27001 supplemented by the applicable standard. Depending on your individual needs, we offer certification for both standards combined or each one independently.
Certification procedure according to ISO 27017 / ISO 27018
  1. Informational meeting
    Clarification of open questions, joint planning of next steps, project discussion or optional pre-audit
  2. Document review & on-site audit
    Readiness assessment and review of the management system description, ability to deliver quality customer service, implementation of documented statements in day-to-day operations
  3. Audit report and assessment
    On-site visit report and management system assessment
  4. Certification and DEKRA seal
    Upon successful completion of the certification criteria, conferral of certificate and our recognized DEKRA seal (with a 3-year maximum validity)
  5. Annual surveillance audit
    A monitoring audit is carried out every 12 months
  6. Recertification
    Three years after initial certification, steps 2 to 6 are repeated for recertification

Improved cloud security thanks to comprehensive expertise

  • We are a reliable, independent partner with many years of experience and expertise in the field of IT security. Our specialized staff is equipped with the resources to offer our clients optimal support.
  • With our extensive portfolio of approval and accreditation services, we can carry out additional or combined certifications. For example, in the area of IT security, we provide certification services based on ISO 20000 or TISAX® as well as in the area of quality assurance according to ISO 9001.