ISO/IEC 27017 Code of practice for information security controls based on ISO/IEC 27002 for cloud services


ISO/IEC 27017:2015 is an international standard that provides guidelines for information security controls applicable to the provision and use of cloud services. It provides additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services.

This standard is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations.

Here are some key points about ISO/IEC 27017:

  1. Integration with ISO/IEC 27002: ISO/IEC 27017 follows the control structure of ISO/IEC 27002 and adds cloud-specific implementation guidance to the controls that are relevant to cloud services, rather than replacing them.
  2. Addressing Cloud-Specific Threats: It adds controls, with implementation guidance, for information security threats and risks that arise specifically from the cloud service model.
  3. Applicable to Both Providers and Customers: The controls and guidance are written for both cloud service providers and cloud service customers, and in several cases state separately what each party is expected to do.

In summary, ISO/IEC 27017 is a valuable tool for organizations that provide or use cloud services. It helps them manage and protect the information assets they place in, or host for others in, the cloud, preserving their confidentiality, integrity, and availability. This is especially important for organizations that handle sensitive information in the cloud.