ISO/IEC 27017:2015
Current
The latest, up-to-date edition.
Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
French, English
30-11-2015
ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
- additional implementation guidance for relevant controls specified in ISO/IEC 27002;
- additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.
Committee |
ISO/IEC JTC 1/SC 27
|
DocumentType |
Standard
|
Pages |
41
|
ProductNote |
THIS STANDARD IS ALSO REFERES TO SP 800‑145
|
PublisherName |
International Organization for Standardization
|
Status |
Current
|
Standards | Relationship |
CEI UNI EN ISO/IEC 27017:2021 | Identical |
NF EN ISO/IEC 27017:2021 | Identical |
UNI CEI EN ISO/IEC 27017:2021 | Identical |
PN-EN ISO/IEC 27017:2021-07 | Identical |
EN ISO/IEC 27017:2021 | Identical |
NS-EN ISO/IEC 27017:2021 | Identical |
JIS Q 27017:2016 | Identical |
NEN-EN-ISO/IEC 27017:2021 | Identical |
I.S. EN ISO/IEC 27017:2021 | Identical |
NEN ISO/IEC 27017 : 2015 | Identical |
CAN/CSA-ISO/IEC 27017:16 | Identical |
PN ISO/IEC 27017 : 2017 | Identical |
BS ISO/IEC 27017:2015 | Identical |
NS ISO/IEC 27017 : 2015 | Identical |
ÖVE/ÖNORM EN ISO/IEC 27017:2021 11 01 | Identical |
PN-EN ISO/IEC 27017:2021-07/Ap1:2024-08 | Identical |
BS EN ISO/IEC 27017:2021 | Identical |
PNE-ISO/IEC 27017 | Identical |
UNE-EN ISO/IEC 27017:2021 | Identical |
18/30346433 DC : 0 | BS ISO/IEC 19086-4 - INFORMATION TECHNOLOGY - CLOUD COMPUTING SERVICE LEVEL AGREEMENT (SLA) FRAMEWORK - PART 4: SECURITY AND PRIVACY |
BS ISO/IEC 19086-1:2016 | Information technology. Cloud computing. Service level agreement (SLA) framework Overview and concepts |
CSA TELECOM ORGANIZATIONS PACKAGE : 2018 | CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR |
ISO/IEC 27009:2016 | Information technology Security techniques Sector-specific application of ISO/IEC 27001 Requirements |
BS EN ISO/IEC 27000:2017 | Information technology. Security techniques. Information security management systems. Overview and vocabulary |
CEN/TS 17159:2018 | Societal and citizen security - Guidance for the security of hazardous materials (CBRNE) in healthcare facilities |
ISO/IEC 27000:2018 | Information technology — Security techniques — Information security management systems — Overview and vocabulary |
ISO/IEC 27036-4:2016 | Information technology Security techniques Information security for supplier relationships Part 4: Guidelines for security of cloud services |
BS ISO/IEC 27000 : 2016 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
BS ISO/IEC 38505-1:2017 | Information technology. Governance of IT. Governance of data Application of ISO/IEC 38500 to the governance of data |
ISO/IEC 19086-1:2016 | Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and concepts |
ISO/IEC TR 38505-2:2018 | Information technology — Governance of IT — Governance of data — Part 2: Implications of ISO/IEC 38505-1 for data management |
BS ISO/IEC 27009:2016 | Information technology. Security techniques. Sector-specific application of ISO/IEC 27001. Requirements |
18/30348902 DC : 0 | BS ISO/IEC 21878 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECURITY GUIDELINES FOR DESIGN AND IMPLEMENTATION OF VIRTUALIZED SERVERS |
BS ISO/IEC 27036-4:2016 | Information technology. Security techniques. Information security for supplier relationships Guidelines for security of cloud services |
I.S. EN ISO/IEC 27000:2017 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY (ISO/IEC 27000:2016) |
CSA ISO/IEC 27009 : 2018 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECTOR-SPECIFIC APPLICATION OF ISO/IEC 27001 - REQUIREMENTS |
CSA INFORMATION SECURITY PACKAGE : 2018 | CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION |
CSA ISO/IEC 27000 : 2018 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
BS ISO/IEC 19941:2017 | Information technology. Cloud computing. Interoperability and portability |
17/30349211 DC : 0 | BS ISO/IEC 29147 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - VULNERABILITY DISCLOSURE |
16/30316173 DC : 0 | BS ISO/IEC 19086-1 - INFORMATION TECHNOLOGY - CLOUD COMPUTING - SERVICE LEVEL AGREEMENT (SLA) FRAMEWORK - PART 1: OVERVIEW AND CONCEPTS |
16/30275200 DC : 0 | BS ISO/IEC 27036-4 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY FOR SUPPLIER RELATIONSHIPS - PART 4: GUIDELINES FOR SECURITY OF CLOUD SERVICES |
SR 003 391 : 2.1.1 | CLOUD STANDARDS COORDINATION PHASE 2; INTEROPERABILITY AND SECURITY IN CLOUD COMPUTING |
EN ISO/IEC 27000:2017 | Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2016) |
ISO/IEC 19941:2017 | Information technology — Cloud computing — Interoperability and portability |
ISO/IEC 38505-1:2017 | Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data |
16/30333228 DC : 0 | BS ISO/IEC 38505-1 - INFORMATION TECHNOLOGY - GOVERNANCE OF IT - PART 1: THE APPLICATION OF ISO/IEC 38500 TO THE GOVERNANCE OF DATA |
S.R. CEN/TS 17159:2018 | SOCIETAL AND CITIZEN SECURITY - GUIDANCE FOR THE SECURITY OF HAZARDOUS MATERIALS (CBRNE) IN HEALTHCARE FACILITIES |
CAN/CSA-ISO/IEC 19086-1:18 | Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and concepts (Adopted ISO/IEC 19086-1:2016, first edition, 2016-09-15) |
CAN/CSA-ISO/IEC 27036-4:18 | Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services (Adopted ISO/IEC 27036-4:2016, first edition, 2016-10-01) |
ISO/IEC 27036-4:2016 | Information technology Security techniques Information security for supplier relationships Part 4: Guidelines for security of cloud services |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO 31000:2009 | Risk management Principles and guidelines |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
ISO/IEC 27018:2014 | Information technology Security techniques Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors |
ISO 19440:2007 | Enterprise integration Constructs for enterprise modelling |
ISO/IEC 27036-3:2013 | Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security |
ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
SA/SNZ TR ISO/IEC 38505.2:2019 | Information technology - Governance of IT - Governance of data Implications of ISO/IEC 38505-1 for data management |
ISO/IEC 17203:2017 | Information technology — Open Virtualization Format (OVF) specification |
ISO/IEC 27036-1:2014 | Information technology Security techniques Information security for supplier relationships Part 1: Overview and concepts |
ISO/IEC 27036-2:2014 | Information technology Security techniques Information security for supplier relationships Part 2: Requirements |
ISO/IEC 27040:2015 | Information technology — Security techniques — Storage security |
ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
ISO/IEC 17789:2014 | Information technology — Cloud computing — Reference architecture |
ISO/IEC 17788:2014 | Information technology — Cloud computing — Overview and vocabulary |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.