ISO 27017 – information security for cloud services
ISO 27017 extends ISO 27002 and, in conjunction with ISO 27001, offers both cloud service operators and companies that are cloud service customers a framework to implement specific measures for cloud services. The selection and implementation of specific security measures are based on the risk analysis required by ISO 27001.
- ISO 27017 is an extension of ISO 27002. It is therefore easy to implement in an existing ISMS according to ISO 27001 or in the course of setting up a new ISMS.
- The standard contains specific security measures for cloud service providers and cloud service customers. This greatly simplifies cooperation between the two.
- ISO 27017 is an internationally recognized standard.
ISO 27017 can be certified together with ISO 27001.
Information on the project phases and the certification process can be found here.