ISO/IEC 27017:2015 - Guidelines for security controls for cloud services.
ISO/IEC 27017:2015 (last updated on 15th Dec 2015 on iso.org) highlights various information security controls for cloud services' providers and consumers. It gives guidance on security controls / techniques for Code of practice based on ISO/IEC 27002 for cloud services. This cloud services IS controls paper - ISO/IEC 27017 supplements the guidance in ISO/IEC 27002 and indeed other ISO27k standards including ISO/IEC 27018 on the privacy aspects of cloud computing, ISO/IEC 27031 on business continuity, and ISO/IEC 27036-4 on relationship management, as well as all the other ISO27k standards.
It offers information security advice for both cloud service customers and cloud service providers, offering guidance for both parties side-by-side in each section. It recommends how 27002-based controls can be implemented in a cloud context, in addition to several cloud-specific IS controls.
Authored by Hussain Ali Ladha
Rate this article: