Iso 27017 Certification

Isoiec 270172015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing.

Iso 27017 certification. Google cloud platform g suite and chrome are certified as iso 27017 compliant. Isoiec 27001 is the best known standard in the family providing requirements for an information security management system isms. It managers and other technical staff responsible for moving organizations to the cloud or expanding a cloud service engagement can reduce risks. 921 user registration and deregistration 922 user access provisioning 923 management of privileged access rights.

Additional controls with implementation guidance that specifically relate to cloud services. There are more than a dozen standards in the 27000 family you can see them here. So iso 27017 does suggest changes to most of the control sections the biggest changes are suggested in the access control area for example. The scope of the ovh us iso 27001 certification and attestations align to the controls in isoiec 270172015 iso 27017 fo ovh us products and us data centers.

Isoiec 27017 is unique in providing guidance for both cloud service providers and customers. The code of practice provides additional information security controls implementation advice beyond that provided in isoiec 27002 in the cloud computing context. If you are pursuing isoiec certifications while operating part or all of your it in the aws cloud you are not automatically certified by association. Aws isoiec 270172015 certification covers the security management process and cloud provider specific controls.

The standard advises both cloud service customers and cloud service providers with the primary guidance laid out side by side in each section. Additional implementation guidance for relevant controls specified in isoiec 27002.