Standards and subscriptions
Browse our information security management standards to help your organization manage and protect your information assets
.
Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Used with ISO/IEC 27001 series of standards, ISO/IEC 27017 provides enhanced controls for cloud service providers and cloud service customers. Unlike many other technology-related standards ISO/IEC 27017 clarifies both party’s roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system.
The standard provides cloud-based guidance on 37 of the controls in ISO/IEC 27002 but also features seven new cloud controls that address the following:
If you work for a cloud service provider or are looking to move your business to the cloud, our ISO 27017 Overview can help you understand the key areas of the standard, more about the 7 new controls and how organizations can benefit from