- Original Registration Date: 2018-10-19
- Effective Date: 2024-05-10
- Latest Revision Date: 2024-04-24
- Expiry Date: 2027-05-09
ISO/IEC 27017 Cloud Service Information Security Management
ISO/IEC 27017 is the world's first international standard addressing information security management for the cloud computing industry. It is based on ISO/IEC 27002 and specifically tailored to serve as an operational framework for information security controls in cloud services development. It sets out control requirements and implementation guidelines separately for "providers" and "customers" of cloud services. Additionally, it adds seven specific control requirements for cloud services as an extension to the ISO 27001 standard.
Cloud security continues to grow in importance for business operations in the digital era. Implementing cloud security management is crucial to ensuring uninterrupted organizational operations, reducing the risk of attacks or data breaches, enhancing and maintaining competitive advantages, and strengthening the future operational blueprint of enterprises. With cloud service certification systems and international standards such as CSA STAR, ISO 27017, and ISO 27018, Acer eDC stands as a high-quality choice for enterprises seeking cloud services.
ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
- additional implementation guidance for relevant controls specified in ISO/IEC 27002
- additional controls with implementation guidance that specifically relate to cloud services.