Understanding Cloud Security with IBITGQ: ISO 27017 & ISO 27018
Delve into their definitions, understand their differences, and learn about the IBITGQ qualifications designed to equip you with expertise in these vital areas.
Decoding the standards:
- ISO 27017: Security Techniques for Cloud Environments
  - This standard builds upon ISO/IEC 27002, providing supplementary guidance for implementing its information security controls within Cloud computing environments.
  - It is ideal for organisations that offer Cloud services and already have an established ISMS (information security management system).
  - The standard offers a structured approach, mirroring the clauses of ISO/IEC 27002, with each clause addressing a specific aspect of information security in the Cloud context.
- ISO 27018: Protection of PII in Public Clouds
  - This standard focuses on safeguarding personally identifiable information (PII) within public Cloud environments.
  - It equips organisations with the knowledge to select and implement appropriate security controls to ensure the confidentiality of their customers' data.
  - The scope of ISO 27018 is to establish common ground for handling PII by public Cloud providers acting as processors on behalf of their customers.
Key differences:
While both standards address Cloud security, their focus areas differ:
- ISO 27017: Offers a broader framework for securing information assets in Cloud environments.
- ISO 27018: Specifically targets the protection of PII within public Cloud environments.
IBITGQ Cloud security qualifications:
IBITGQ empowers you to excel in Cloud security with these qualifications:
Certified ISO 27017 Cloud Control Specialist:
- This qualification deepens your understanding of security controls within an ISMS, specifically in Cloud environments.
- You will explore how these controls differ from traditional implementations and gain insights into shaping end-user policies, service levels and supplier interaction.
- Ideal for professionals with existing ISO 27002 knowledge who want to specialise in Cloud security controls.
This qualification covers:
- The roles and relationships between Cloud service providers and customers;
- The scope and compliance aspects of ISO/IEC 27017;
- Extending ISO/IEC 27002 to cover Cloud service provider policies;
- Extending ISO 27002 Clause 6 to encompass relationships with all parties;
- Security risk identification and relevant mitigating controls;
- Security boundaries of SaaS, PaaS, and IaaS models; and
- Extending controls 8-12 of ISO 27002 to include relevant Cloud service parties.
Benefits:
- Expand your knowledge: Gain a deeper understanding of Cloud security terminology for confident analysis of environments, contracts, and processes.
- Professional development: Advance your career with a valuable certification in this critical field.
- Propel your career: Stand out with this credential and be an early adopter in this growing area.
- Increase your influence: Master the subject matter and make informed decisions with strength and clarity.
- Go beyond compliance: Help organisations exceed minimum security standards and protect those who rely on Cloud services.
- Develop a talented team: Invest in your workforce to have skilled professionals on your side.
- Strengthen data governance: Ensure best practices in data governance and stay aligned with evolving regulations.
- Mitigate risks: Eliminate blind spots and reduce liabilities and operational risks.
Who should attend?
This qualification is ideal for:
- Cloud security professionals
- SaaS product managers and product owners
- Internal and lead auditors
Certified ISO 27018 Cloud Privacy Specialist:
- This qualification equips you to implement data privacy security controls in public Clouds as per the ISO 27018:2019 standard.
- You will gain in-depth knowledge of securing data protection and privacy within Cloud environments.
- This qualification is suited for those managing Cloud environments, relying on public Cloud data processors or working for a data processor.
This qualification covers:
- Implementing data privacy security controls in public Clouds as per ISO 27018:2019.
- Key EU, UK, and other privacy regulations and laws.
- Roles and responsibilities of data processors and controllers.
- Key terminology and concepts used in different standards and regulations.
- Risk scenarios and limitations of mitigating controls.
- How ISO 27002 applies to cover PII in the public Cloud.
- Detailed obligations of a public Cloud PII processor.
- Relevant access control, access management, and cryptography operations.
- Protection of data at rest, including backup and restoration.
- Incident management for PII in the Cloud.
- Performing information security reviews via audit services and other means.
Benefits:
- Expand your knowledge: Gain a deeper understanding of data privacy and data protection terminology.
- Professional development: Advance your career with a sought-after certification.
- Propel your career: Stand out with this valuable credential.
- Increase your influence: Master the subject matter and make informed decisions.
- Go beyond compliance: Help organisations navigate technicalities and negotiate for terms that protect PII.
- Develop a talented team: Invest in your workforce with skilled professionals.
- Strengthen data governance: Enhance data governance practices and stay aligned with evolving regulations.
- Mitigate risks: Eliminate blind spots and reduce liabilities and operational risks.
Who should attend?
This qualification is ideal for:
- Cloud security professionals
- SaaS product managers and product owners
- Legal advisers and compliance specialists
- Data protection and data privacy specialists
Obtaining your qualification:
To obtain an ISO 27017 or ISO 27018 qualification through IBITGQ, you can choose from the following options:
- Training organisation: Enrol in a comprehensive training programme offered by an IBITGQ-approved training organisation. These programmes provide in-depth knowledge and prepare you for the certification exam.
- Exam voucher: Purchase an exam voucher directly from IBITGQ. This allows you to schedule the exam at a time and location that suits you.
- Direct exam booking: Contact an IBITGQ-authorised exam provider to schedule your exam directly.
Understanding and implementing ISO 27017 and ISO 27018 standards is essential for organisations operating in the Cloud environment. IBITGQ's qualifications equip you with the expertise to navigate these complex standards, protect sensitive data and ensure compliance with regulatory requirements. By investing in these certifications, you can enhance your career, contribute to your organisation's security posture and make a significant impact in the field of Cloud security.