Standard
ISO/IEC 27017 – Security Controls for Cloud Services
ISO/IEC 27017 provides additional guidance and controls for cloud service providers and customers, building on the ISO/IEC 27001 framework.
Benefits of ISO/IEC 27017
- Clarifies shared responsibilities for security in cloud environments.
- Provides cloud-specific control guidance aligned with ISO/IEC 27002.
- Helps assure customers about how their data and services are protected.
- Supports contractual commitments around security in the cloud.
- Strengthens your overall ISMS for cloud services.
How it works with 27001
- ISO/IEC 27017 is typically implemented as an extension to a 27001-certified ISMS.
- We assess how your cloud controls map to the additional guidance in 27017.
- Audit activities are usually combined with your main 27001 audit for efficiency.