ISO/IEC 27017:2015 – Security Controls for Cloud Services

Service

Organizational systems certification

Sector

Information and data security

Regulatory reference

ISO/IEC 27017:2015

Description

ISO/IEC 27017:2015 is an international standard that provides guidelines for information security in cloud services. Introduces controls specific to the cloud context, aimed at both cloud providers and customers. It includes measures to manage and mitigate security risks, such as separation of virtual environments, secure management of shared resources, and protection against unauthorized access. The goal is to improve security and trust in the use of cloud services, both public and private.

Mandatory or voluntary?

Voluntary

Advantages

Risk Reduction: Improve protection against data breaches and cyber attacks.
Customer Trust: Increase customer trust in cloud services by demonstrating a commitment to information security.
Regulatory Compliance: Helps businesses meet data protection and information security regulations.
International Standardization: Provides a globally recognized framework for managing security in the cloud.

Can be integrated with

ISO/IEC 27001
ISO/IEC 27018:2019

Is this the certification you were looking for?

Let's find out together, fill out the form and request a free consultation