Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you request to download our free implementation guide, we use your name, company name (which is optional) and your email address to email you a link to download the requested document. We may also email you after your download in order to follow up on your interest in our products and services. We will do this based on our legitimate interest in marketing to prospects for our products and services. Your name and email address are stored on our website which is hosted with Digital Ocean. Your personal data is stored for one year after you requested your download, after which it is deleted.

Reveal Menu

Why ISO27001 is a No Brainer for Cloud Service Providers



The cloud is here. I don’t think anyone doubts this now; what started as an unusual business and technology model a few short years ago with innovators like has now become almost a de facto way of implementing new services for organizations large and small.

Cloud Service Providers (CSPs) from a significant part of the CertiKit customer base so we thought we’d take a look at why so many companies in this growing industry are getting themselves certified.

Internet security concept. Flat design. Icon in turquoise circle on white background

Huge Data Stores

Idea behind the cloud is great, because it leverages big economies of scale to make processing facilities available at a fraction of the cost that it would take for a single company to do it themselves. It allows even the smallest company to do what previously was the preserve of those with big IT budgets.

But the downside is that we now have a huge store of data from many companies all in one place. This presents a much more attractive target for hackers to go at because, not only does it have to be internet-accessible, but there is only one set of security controls to breach in order to get access to all that lovely data. So many CSPs feel as though they have a big round target painted on their backs, and “threat actors” from all over the world are queuing up to try their luck.

It's a Reputation Business

Ask any CSP what their most valuable asset is, the one they fear to lose the most, and they may well tell you that it’s their reputation. The cloud is a competitive market and customer loyalty is in many cases a thing of the past. So if a CSP suffers a security incident in which information is lost then that can affect their reputation and so lose them many customers. The press love a good hacking story, whichever country you’re in, so the chances of keeping it quiet are pretty slim.

Stricter Regulation

Furthermore, even if you weren’t required to make an incident public before, chances are you will in the future. Many states of the USA have mandatory breach notification laws and with the coming of the European Union’s General Data Protection Regulation (GDPR) in 2018, companies will be more obligated than ever to tell the world when something bad happens. Add to this the increase in the fines applicable if an organization is judged not to have protected personal data effectively (up to 4% of worldwide turnover) and the stakes have definitely risen.

More Discerning Customers

All of this hasn’t escaped the notice of most corporate customers of CSPs; they don’t want to be publicly shamed and fined any more than the CSPs they use do. So they now look very carefully at the CSPs they consider making use of to get a fair degree of reassurance that their data will be protected. And how do they judge that?

Enter ISO27001

By asking whether the CSP has ISO27001 certification. This tells them that the CSP has an Information Security Management System (ISMS) in place and is actively managing its information security risks and controls. This is testified to by a reputable third party, a Registered Certification Body (RCB) who has audited the CSP and issued a certificate to say they meet the ISO27001 standard.

Benefits for CSPs

So what does all this mean for the CSPs themselves? Well, it means that:

  • They are less likely to have their reputation affected by an information security breach and so lose existing customers
  • They are less likely to be publicly censured and fined
  • They attract more customers because they are seen to value information security
  • They spend less time filling in customer questionnaires because customers accept their ISO27001 certification as proof of their commitment to information security

All of which adds up to a solid business case to become certified to the ISO27001 standard.

And if you use the CertiKit ISO27001 Toolkit, you will get there even quicker.

Over 3000 businesses have purchased our toolkits


Easy to follow, complete, logical setup and approach, and the templates are very easy to customize with company branding.

ReMark International

View all Testimonials