ISO/IEC 27017
Code of practice for information security controls for cloud services
The cloud is one of the most widely used innovations in today’s fast-paced world of commerce and business. As use of the cloud increases, users are demanding assurances that data stored and processed in the cloud is safe. Because of its very nature, the marketplace for cloud services is global, with providers dispersed across wide geographical areas, and data is routinely transferred across national boundaries. International guidance is therefore key.
This Code of Practice, published by ISO and IEC in 2015, provides guidelines supporting the implementation of information security controls for cloud service customers and cloud service providers.
The standard emphasizes that the selection of appropriate information security controls, and the application of the guidance provided, will depend on a risk assessment and any legal, contractual, regulatory or other cloud-sector specific information security requirements.
Benefits:
-
Provide as a cloud service customer with practical information on what company should expect from Cloud Service Providers (CSPs)
-
Outline company’s roles and responsibilities as users of cloud services.
-
Understand the shared responsibilities of the cloud and be confident that company is effectively utilizing cloud services and protecting your organization
|
