(Non-accredited, or referenced on the 27001 certificate as an add-on)

ISO/IEC 27017 is a standard that extends ISO/IEC 27001 to provide guidelines for information security in the field of cloud computing. It offers additional explanations and versions for implementing information security controls in cloud services.

ISO/IEC 27017 is designed to assist cloud service providers and their users in understanding and responding to security risks that may arise in the cloud computing environment. This standard provides guiding principles and control measures that should be taken into account to ensure the security of information in this specific environment.

A prerequisite for implementing the standard is existing certification, or simultaneous certification, according to the ISO/IEC 27001 standard.