ISO/IEC 27017
Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services.
What is ISO/IEC 27017?
ISO/IEC 27017:2015 provides guidelines for information security controls applicable to the provision
and use of cloud services by providing:
- Guidelines for implementing relevant controls specified in ISO/IEC 27002
- Additional controls with implementation guidance for cloud service providers and customers.
Who can apply for ISO/IEC 27017?
This certification is applicable to all types and sizes of organizations, including public and private
companies, government entities and not-for-profit organizations, which provide information
processing services as Personally identifiable information (PII) processors via cloud computing under
contract to other organizations.