Quick Search

Global Sustainability Services

Professional Services for Emerging International Standards  |  ISO 39001  |  ISO 41001  |  ISO 30401  |  ISO 20121  |  ISO/IEC 29100  |  ISO/IEC 27032  |  ISO/IEC 27018  |  ISO/IEC 27017  

ISO/IEC 27017

 Code of practice for information security controls for cloud services
The cloud is one of the most widely used innovations in today’s fast-paced world of commerce and business. As use of the cloud increases, users are demanding assurances that data stored and processed in the cloud is safe. Because of its very nature, the marketplace for cloud services is global, with providers dispersed across wide geographical areas, and data is routinely transferred across national boundaries. International guidance is therefore key.
This Code of Practice, published by ISO and IEC in 2015, provides guidelines supporting the implementation of information security controls for cloud service customers and cloud service providers.
The standard emphasizes that the selection of appropriate information security controls, and the application of the guidance provided, will depend on a risk assessment and any legal, contractual, regulatory or other cloud-sector specific information security requirements.
  • Provide as a cloud service customer with practical information on what company should expect from Cloud Service Providers (CSPs)
  • Outline company’s roles and responsibilities as users of cloud services. 
  • Understand the shared responsibilities of the cloud and be confident that company is effectively utilizing cloud services and protecting your organization

Apply Enquiry Request Quotation Terms & Condition


Last Update: 2024-07-12   Disclaimer and Copyright
Copyright © 2024 Hong Kong Quality Assurance Agency. All rights reserved.