Skip to content
Please enter a keyword to search

  • CAN/CSA-ISO/IEC 27017:16

    Current The latest, up-to-date edition.

    Information technology Security techniques Code of practice for information security controls based on ISO/IEC 27002 for cloud services (Adopted ISO/IEC 27017:2015, first edition, 2015-12-15)

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date:  01-01-2016

    Publisher:  Canadian Standards Association

    Add To Cart

    Table of Contents - (Show below) - (Hide below)

    1 Scope
    2 Normative references
    3 Definitions and abbreviations
    4 Cloud sector-specific concepts
    5 Information security policies
    6 Organization of information security
    7 Human resource security
    8 Asset management
    9 Access control
    10 Cryptography
    11 Physical and environmental security
    12 Operations security
    13 Communications security
    14 System acquisition, development and maintenance
    15 Supplier relationships
    16 Information security incident management
    17 Information security aspects of business continuity
       management
    18 Compliance
    Annex A - Cloud service extended control set
    Annex B - References on information security risk related
              to cloud computing
    Bibliography

    Abstract - (Show below) - (Hide below)

    Specifies guidelines for information security controls applicable to the provision and use of cloud services by providing: - additional implementation guidance for relevant controls specified in ISO/IEC 27002; and - additional controls with implementation guidance that specifically relate to cloud services.

    Scope - (Show below) - (Hide below)

    Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 27017" throughout. At the time of publication, ISO/IEC 27017:2015 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This Recommendation | International Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing: additional implementation guidance for relevant controls specified in ISO/IEC 27002; additional controls with implementation guidance that specifically relate to cloud services. This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.

    General Product Information - (Show below) - (Hide below)

    Document Type Standard
    Publisher Canadian Standards Association
    Status Current

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 27036-4:2016 Information technology Security techniques Information security for supplier relationships Part 4: Guidelines for security of cloud services
    ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
    ISO 31000:2009 Risk management Principles and guidelines
    ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
    ISO/IEC 27018:2014 Information technology Security techniques Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
    ISO 19440:2007 Enterprise integration Constructs for enterprise modelling
    ISO/IEC 27036-3:2013 Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security
    ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
    ISO/IEC 17203:2017 Information technology — Open Virtualization Format (OVF) specification
    ISO/IEC 27036-1:2014 Information technology Security techniques Information security for supplier relationships Part 1: Overview and concepts
    ISO/IEC 27036-2:2014 Information technology Security techniques Information security for supplier relationships Part 2: Requirements
    ISO/IEC 27040:2015 Information technology — Security techniques — Storage security
    ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary
    ISO/IEC 17789:2014 Information technology — Cloud computing — Reference architecture
    ISO/IEC 17788:2014 Information technology — Cloud computing — Overview and vocabulary
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective