ISO/IEC 27017 Security Controls for Cloud Services

ISO/IEC 27017 Security Controls for Cloud Services

Red Overlay
ISO 27017 hero banner image
ISO 27017 hero banner image
Red Overlay

Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services

Used with ISO/IEC 27001 series  of standards, ISO/IEC 27017 provides enhanced controls for cloud service providers and cloud service customers. Unlike many other technology-related standards ISO/IEC 27017 clarifies both party’s roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system.

The standard provides cloud-based guidance on 37 of the controls in ISO/IEC 27002 but also features seven new  cloud controls that address the following:

  • Who is responsible for what between the cloud service provider and the cloud customer
  • The removal/return of assets when a contract is terminated
  • Protection and separation  of the customer’s virtual environment
  • Virtual machine configuration
  • Administrative operations and procedures associated with the cloud environment
  • Cloud customer monitoring of activity within the cloud
  • Virtual  and cloud network environment alignment

If you work for a cloud service provider or are looking to move your business to the cloud, our ISO 27017 Overview can help you understand the key areas of the standard, more about the 7 new controls and how organizations can benefit from


How will a cloud service provider benefit from ISO/IEC 27017 certification?

  • Inspires trust in your business  – provides greater reassurance to your customers and stakeholders that data and information is protected.
  • Competitive advantage – demonstrates robust controls are in place to protect data
  • Protects your brand reputation – reduces the risk of adverse publicity due to data breaches.
  • Protects against fines – ensures that local regulations are complied with reducing the risk of fines for data breaches.
  • Helps grow your business – provides common guidelines across different countries making it easier to do business globally and gain access as a preferred supplier.

How will cloud service customers benefit from ISO/IEC 27017 training?

ISO/IEC 27017 is a unique technology standard in that it provides requirements for the customer as well as the cloud service provider.  IT Managers and other technical staff responsible for moving organizations to the cloud or expanding a cloud service engagement can reduce risks to their business by ensuring they understand their responsibilities and make more insightful decisions around their choice of provider(s). 


ISO/IEC 27001:2022 Roadshow - Cloud and Digital Supply Chain

Learn more about ISO/IEC 27017 Cloud services and Digital Supply Chain with David Mudd, Assurance Global Head of Digital Trust and Mark Brown, Managing Director, BSI Digital Trust Consulting.

Watch here

Why choose BSI?

We pioneered standards more than 100 years ago and today we’re the market leader. We help over 80,000 organizations ranging from top global brands to small ambitious businesses in 182 countries to gain an edge over their competition. As one of the few organizations that understands standards from start to finish, we don’t only assess how well you’re meeting them, we create new standards from scratch and train teams globally to use them and perform better. Our knowledge can transform your organization.