I.S. EN ISO/IEC 27017:2021
Current
The latest, up-to-date edition.
Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services (ISO/IEC 27017:2015)
Hardcopy , PDF
English
07-02-2021
For Harmonized Standards, check the EU site to confirm that the Standard is cited in the Official Journal.
Only cited Standards give presumption of conformance to New Approach Directives/Regulations.
Dates of withdrawal of national standards are available from NSAI.
1 Scope
2 Normative references
3 Definitions and abbreviations
4 Cloud sector-specific concepts
5 Information security policies
6 Organization of information security
7 Human resource security
8 Asset management
9 Access control
10 Cryptography
11 Physical and environmental security
12 Operations security
13 Communications security
14 System acquisition, development and maintenance
15 Supplier relationships
16 Information security incident management
17 Information security aspects of business continuity management
18 Compliance
Annex A – Cloud service extended control set
Annex B – References on information security risk related to cloud computing
Bibliography
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.