What is ISO/IEC 27017?

ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:

  • additional implementation guidance for relevant controls specified in ISO/IEC 27002;
  • additional controls with implementation guidance that specifically relate to cloud services.

This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.

Benefits of ISO 27017

  • Protect information assets within the cloud computing environment.
  • Comply with legal and regulatory requirements.
  • Reduce the risk of information security incidents.
  • Save costs by reducing the need for duplicate controls.

Some of the controls emphasised by the ISO 27017 standard include:

  • The roles and responsibilities between the cloud service provider and the customer
  • Responsibilities at the end of the contract (such as the return, archiving or deletion of data)
  • Segregation, boundaries and security around various clients’ cloud environments
  • Secure use and configuration of virtual machines and components
  • Operational processes and procedures used by privileged users
  • Alignment of the cloud network environment
  • Monitoring of cloud services