ISO/IEC 27017

Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services

Used with the ISO/IEC 27001 series of standards, ISO/IEC 27017 provides enhanced controls for cloud service providers and cloud service customers. Unlike many other technology-related standards, ISO/IEC 27017 clarifies both parties' roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system.

The standard provides cloud-based guidance on 37 of the controls in ISO/IEC 27002 but also features seven new cloud controls that address the following:

  • Who is responsible for what between the cloud service provider and the cloud customer
  • The removal/return of assets when a contract is terminated
  • Protection and separation of the customer’s virtual environment
  • Virtual machine configuration
  • Administrative operations and procedures associated with the cloud environment
  • Cloud customer monitoring of activity within the cloud
  • Virtual and cloud network environment alignment

If you work for a cloud service provider or are looking to move your business to the cloud, our ISO 27017 Overview can help you understand the key areas of the standard, more about the 7 new controls and how organizations can benefit from





Why choose BSI?

We pioneered standards more than 100 years ago and today we’re the market leader. We help over 80,000 organizations ranging from top global brands to small ambitious businesses in 172 countries worldwide to gain an edge over their competition. As one of the few organizations that understands standards from start to end, we don’t only assess how well you’re meeting them, we create new standards from scratch and train teams globally to use them and perform better. Our knowledge can transform your organization.