Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Used with the ISO/IEC 27001 series of standards, ISO/IEC 27017 provides enhanced controls for cloud service providers and cloud service customers. Unlike many other technology-related standards, ISO/IEC 27017 clarifies both parties' roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system.
The standard provides cloud-based guidance on 37 of the controls in ISO/IEC 27002 but also features seven new cloud controls that address the following:
- Who is responsible for what between the cloud service provider and the cloud customer
- The removal/return of assets when a contract is terminated
- Protection and separation of the customer’s virtual environment
- Virtual machine configuration
- Administrative operations and procedures associated with the cloud environment
- Cloud customer monitoring of activity within the cloud
- Virtual and cloud network environment alignment
If you work for a cloud service provider or are looking to move your business to the cloud, our ISO 27017 Overview can help you understand the key areas of the standard, learn more about the 7 new controls, and see how organizations can benefit from it.