Igino Addari

CEO of Actainfo & Data Protection Officer

Overview

ACTAINFO operates in alignment with the ISO/IEC 27017:2015 standard, which provides guidelines and controls for information security in cloud computing environments.

The framework extends ISO/IEC 27001 controls with specific focus on cloud service security responsibilities and operational safeguards.

Certification Context

ISO/IEC 27017 defines a set of cloud-specific security controls for both cloud service providers and cloud service customers.

Within this framework, ACTAINFO aligns its cloud operations with:

  • cloud security control enhancement
  • shared responsibility model governance
  • secure cloud service configuration
  • risk mitigation in cloud environments

Cloud Security Governance Model

The implementation covers structured governance of cloud environments, including:

  • SaaS application infrastructures
  • cloud-based digital platforms
  • data hosting and processing systems
  • hybrid digital environments

All systems are managed under a cloud-native security governance model.

Key Cloud Control Areas

Security controls are applied across:

  • cloud service configuration and hardening
  • access management in cloud environments
  • data segregation and isolation mechanisms
  • secure administration and operational controls
  • monitoring of cloud-based activities

These controls ensure consistent security enforcement across distributed environments.

Shared Responsibility Framework

Security in cloud environments is structured around a shared responsibility model, defining clear boundaries between:

  • service provider responsibilities
  • platform/infrastructure responsibilities
  • application-level responsibilities

This ensures clarity, accountability, and reduced operational risk.

Risk & Compliance Alignment

Cloud security controls are continuously aligned with:

  • ISO/IEC 27001 ISMS framework
  • ISO/IEC 27018 privacy controls (where applicable)
  • organizational risk management policies
  • regulatory compliance requirements

The objective is to maintain a coherent multi-layer security architecture.