ISO 27017 is an addition to ISO 27001, that was released in 2015.
ISO 27017 is relevant for providers and customers of cloud services
The ISO 27017 add-on provides implementation guidelines for 37 annex A controls, suitable for both cloud service providers and/or customers.
Next to that, it introduces seven new controls, the numeration of these controls is compatible with the existing structure of Instant 27001.
- CLD.6.3.1 Shared roles and responsibilities within a cloud computing environment
- CLD.8.1.5 Removal of cloud service customer assets
- CLD.9.5.1 Segregation in virtual computing environments
- CLD.9.5.2 Virtual machine hardening
- CLD.12.1.5 Administrator’s operational security
- CLD.12.4.5 Monitoring of cloud services
- CLD.13.1.4 Alignment of security management for virtual and physical networks
Add-ons are delivered as a separate Confluence space backup. They can be merged into Instant 27001 using the provided instructions.
Excluding applicable taxes (read more)