ISO/IEC 27017

ISO/IEC 27017 Security controls for cloud services

Security controls for cloud services

Virtual Online Trainings for you on our Connected Learning Live Platform
Connect with us : +91 80815 80815

Security controls for cloud services

Virtual Online Trainings for you on our Connected Learning Live Platform
Connect with us : +91 80815 80815

Red Overlay
ISO/IEC 27017 Security controls for cloud services
ISO/IEC 27017 Security controls for cloud services
Red Overlay

ISO/IEC 27017

Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services

Used with ISO/IEC 27001 series  of standards, ISO/IEC 27017 provides enhanced controls for cloud service providers and cloud service customers. Unlike many other technology-related standards ISO/IEC 27017 clarifies both party’s roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system.

The standard provides cloud-based guidance on 37 of the controls in ISO/IEC 27002 but also features seven new  cloud controls that address the following:

  • Who is responsible for what between the cloud service provider and the cloud customer
  • The removal/return of assets when a contract is terminated
  • Protection and separation  of the customer’s virtual environment
  • Virtual machine configuration
  • Administrative operations and procedures associated with the cloud environment
  • Cloud customer monitoring of activity within the cloud
  • Virtual  and cloud network environment alignment

If you work for a cloud service provider or are looking to move your business to the cloud, our ISO 27017 Overview can help you understand the key areas of the standard, more about the 7 new controls and how organizations can benefit from


How our BSI verification works




ISO/IEC 27017 Training Course

This course helps you clearly identify who is responsible to manage the different security risks and ensure the appropriate cloud security controls are in place so you can maintain a resilient ISMS.