Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you request to download our free implementation guide, we use your name, company name (which is optional) and your email address to email you a link to download the requested document. We may also email you after your download in order to follow up on your interest in our products and services. We will do this based on our legitimate interest in marketing to prospects for our products and services. Your name and email address are stored on our website which is hosted with Digital Ocean. Your personal data is stored for one year after you requested your download, after which it is deleted.

Reveal Menu

Why cloud software providers are embracing ISO27001


You can’t help but notice that the trend towards the cloud has now become a stampede, and choosing a cloud-based solution is rapidly becoming the default position of many organizations. This is even more true at the smaller end of the company size spectrum, where a new start-up can now gain access to the kind of computing power and functionality that previously was a major differentiator for the big boys.

But placing your data in the cloud carries obvious risks and prompts questions such as “where is my data?”, “how safe is it?” and “can I trust the cloud provider to look after it?”. These concerns are understandable and up to now have acted as a brake on the widespread adoption of cloud solutions. Customers want reassurance and they are becoming increasingly aware of what to look for when seeking that reassurance. The days when a few well-chosen words on the cloud provider’s website would satisfy these concerns are coming to an end; customers want proof of the provider’s commitment to security, and the best (and, in many cases, the only) proof they will accept is an ISO/IEC 27001 certificate.

The increasing demand for proof

In a recent conversation with a hosting provider in the UK who is trying to expand by hiring more sales staff, they explained that many of the interviewees became less interested in the job once they realized that the company wasn’t certified. The general feeling was that the lack of certification would hamper the sales process so much that the job would be an uphill struggle and presumably therefore not be as lucrative as it otherwise would. Based on their recruitment experience this company is now on the verge of achieving certification to ISO27001 and sees it as essential to competing in their marketplace.

And it’s not just customers that are showing an interest in the ISO27001 standard; we are increasingly hearing of various regulatory bodies who are now mandating certification to all, or at least major parts, of it too. Certainly the gambling commissions of many countries now require a long list of ISO27001 controls to be in place and the trend could well be towards full certification before too long. Similarly, the national bodies that oversee internet domain registrations are also going heavily down this route. We would expect more of this to happen as these regulatory bodies try to ensure they fulfil their brief to oversee their industry to the best of their ability.

ISO27001 is now an essential part of business strategy

Given these pressures to adopt the standard and certify to it, many cloud providers are now coming to the conclusion that it is an essential part of their business strategy. They are also realizing that it saves a lot of time in responding to the security sections of invitations to tender if they can simply state that they are ISO27001 certified. Add to that the fact that they are very visible and obvious targets for criminal gangs, hacktivists and even state-sponsored groups and the argument for putting in place a recognized way of managing their information security risks becomes even stronger.

The international appeal of a cloud-based solution means that most vendors have customers spread throughout the world and the fact that ISO27001 is an international standard, created by representatives from almost all countries and recognized as best practice worldwide, means that it is the clear choice.

Adoption is becoming widespread

ISO27001 adoption is increasing and, according to the ISO survey 2014 (the latest available at the moment) there are now nearly 24,000 certified organizations worldwide, with Japan and the UK leading the way. If we compare this with the number of organizations certified to the more general ISO9001 quality standard, which now stands at over one million, there is probably plenty of appetite remaining for greater adoption of ISO27001, particularly given the fact that the ISO has recently harmonized these standards together to make them easier to adopt as a pair.

So if you’re in the cloud business, ISO27001 is worth starting to read up about and consider adding it to your management and business agenda very soon, because it’s likely that the competition certainly is already.

Over 3000 businesses have purchased our toolkits


This was the most comprehensive tool kit we found. The main selling point was the fact that they are laid out in a clear logical order, precisely following the order of the ISO 27001:2013 standard.

Operations Assistant
Enterprise Insurance Company Plc

View all Testimonials