Skip to content

v1.0 — ISO/IEC 27017:2015 + ISO/IEC 27018:2019 Cloud Security Toolkit

Latest

Choose a tag to compare

@Ankit-Uniyal Ankit-Uniyal released this 28 Apr 18:31
afe1706

Initial Release

A practical, audit-ready implementation toolkit for ISO/IEC 27017:2015 (Cloud Security Controls) and ISO/IEC 27018:2019 (PII Protection in Public Clouds), aligned to ISO 27001:2022 and ISO 27002:2022.

What's Included

  • Gap Assessment — Cloud security gap assessment checklist covering all 27017 + 27018 controls
    • Cloud Policies — Cloud Security Policy, Cloud PII Policy, Cloud Acceptable Use Policy
    • Scope & Context — Scope statement, asset/PII inventory, issues register, interested parties, legal register
    • Leadership — Governance, RACI matrix, CSO terms of reference, leadership commitment
    • Planning — Risk assessment methodology, risk register, risk treatment plan, Statement of Applicability (SoA)
    • Operations — Shared responsibility matrix, breach response, DPIA, DSR, cross-border transfer, encryption & key management
    • ISO 27017 Controls Reference — All 7 cloud-only CLD controls + 37 ISO 27002 extensions
    • ISO 27018 Controls Reference — Full Annex A PII processor obligation catalogue
    • Evidence Packs — Audit-ready evidence templates (access review, vulnerability scan, CAR records)
    • Worked Example — End-to-end Nexus Cloud Services Ltd worked implementation
    • Python GRC Scriptscloud_soa_tracker.py, cloud_gap_checker.py, dpia_cloud_scorer.py with requirements.txt
    • Cross-Mapping — GDPR, UAE PDPL, NIST CSF 2.0, CSA CCM v4, SOC 2, FedRAMP
    • Supplementary Templates — DPA template, CSA review checklist, supplier assurance questionnaire, privacy notice, certification readiness checklist

Standards Covered

Standard Scope
ISO/IEC 27017:2015 Cloud-specific security controls (CSP + CSC)
ISO/IEC 27018:2019 PII protection in public clouds (PII processors)
ISO/IEC 27001:2022 ISMS framework alignment
ISO/IEC 27002:2022 Control implementation guidance