
CCM, ISO 27017, and ISO 27018 Now Available in Drata

Drata has added CCM, ISO 27017, and ISO 27018 to our compliance automation solution to elevate your compliance program and showcase a highly secure and protected product to your customers.

by Ari Mojiri

August 30, 2023

Your company is scaling up, and we’re growing right alongside you. Our latest additions to Drata include compliance management for CSA Cloud Controls Matrix (CCM), ISO 27017, and ISO 27018. All geared toward cloud security, these frameworks enhance data protection and assure your customers that their information is stored safely and securely.

What is CCM?

The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. This framework helps organizations assess the risks associated with cloud computing providers, making it the go-to standard when it comes to securing the cloud environment.

The Cloud Security Alliance (CSA) developed the matrix in conjunction with cloud service providers, industry players, enterprises, and governments. It is a comprehensive and flexible cloud security standard, and it complements other security and privacy standards very well, allowing businesses to build on top of what they already have in place.

How CCM Can Unify Your Security

CCM brings alignment and standardization for organizations looking to implement uniform security parameters across the cloud. This is especially important for businesses that have struggled to keep up with the increasing pace of digital transformation and adoption of cloud technologies.

What are ISO 27017 and 27018?

These are additional ISO standards that can be included with an ISO 27001 certification. Adding these to a compliance program demonstrates a company’s dedication to ensuring data privacy and security at every level.

ISO 27017

Written for organizations involved with cloud solutions, ISO 27017 provides guidance on how to implement ISO 27001 Annex A controls specifically in the area of cloud security. Not only can businesses better comply with legal and regulatory requirements, but ISO 27017 can also reduce the risk of information security incidents.

ISO 27018

ISO 27018 provides guidance on how to implement ISO 27001 Annex A controls for cloud service providers to ensure they are processing personal data securely. Implementing ISO 27018 improves PII protection and builds trust between companies and their customers, assuring them of the continuous protection of their data.

How Drata Automates It All

With continuous control monitoring, automated evidence collection, and an auditor hub, Drata can manage CCM compliance, ISO 27017, and ISO 27018. Here’s a quick look at how we simplify the management of these frameworks for you:

  • Policy creation: Write your own policies using our policy templates, make changes to existing policies, and easily map them to your controls.

  • Control development: Create new controls or make changes to existing controls with one central view of your overall readiness and guidance from our compliance advisory team.

  • Streamlined auditing: Auditors can use our Audit Hub feature to automatically collect evidence while performing audits.

  • In-app information: Find the additional requirements for both ISO 27017 and ISO 27018 directly within Drata to get started.

These additions can elevate your compliance program and showcase your prioritization of offering a highly secure and protected product. To add these frameworks and guidelines to your compliance program, reach out to your customer success manager.

If you’re not a Drata customer, schedule some time with our team to see how you can automate your journey to compliance and set yourself apart from competitors with a security-first approach.

Ari Mojiri
Senior Manager, GRC Office