ISO/IEC 27017

ISO/IEC 27017 is a code of practice for information security controls for cloud services, based on ISO/IEC 27002. It gives guidance on 37 specific controls for cloud services, all of which are based on the ISO/IEC 27002 standard. It is also useful for organizations evaluating the security posture of cloud service providers.

ISO/IEC 27017 is an international code of practice and guideline published by the International Organization for Standardization (ISO), an independent, non-governmental international organization with a membership of 165 national standards bodies. The standard was last reviewed in 2021, and the latest version remains ISO/IEC 27017:2015.

This standard can be implemented by any organization, large or small, irrespective of its industry and field of activity. The standard is widely used by cloud service providers and cloud service customers to showcase their information security controls.

The benefits of ISO/IEC 27017 can be summarized as follows:

  • Clarity over shared roles & responsibilities of cloud service providers and cloud service customers
  • Secures your information & assets and protects against disruptions
  • Documents critical procedures pertaining to operations
  • Allows cloud service customers to monitor activities within the cloud
  • Aligns security management of virtual as well as physical networks
  • Traceable documentation, which improves consistency and reduces errors
  • Satisfied customers, leading to customer retention & word-of-mouth marketing
  • Increased work efficiency through streamlined processes
  • Increased revenue
