WHAT IS THAT
The ISO/IEC 27017 standard is part of the ISO/IEC 27001 series of standards and defines advanced controls for both cloud service providers and customers. It clarifies the roles and responsibilities of the various actors in the cloud environment with the aim of ensuring that the data stored in cloud computing is safe and secure.
Being a set of guidelines, the ISO/IEC 27017 standard is therefore not certifiable in its own right.
Nonetheless, as required by the Accredia circular DC2018SSV022, it is possible to obtain an integration of an existing ISO/IEC 27001 certificate provided it is issued by a recognized certification body, such as CSQA.
The integration with ISO 27017 is aimed at demonstrating the Provider's ability to ensure data protection.
CSQA is accredited by ACCREDIA.
KEY POINTS
The standard provides guidance for cloud services based on the 37 controls derived from ISO/IEC 27002 and seven new additional controls focusing on the following points:
- division of responsibilities between cloud services provider and customers
- removal / assignment of assets upon termination of a contract
- protection and separation of the virtual environments of the different
- virtual machine configuration
- administrative tasks and procedures associated with the cloud environment
- monitoring of customer activities within the cloud environment
- alignment of virtual and cloud environments
- helps cloud service providers address applicable legal obligations as well as customer expectations
- facilitates cloud service contracting
- improves the transparency and credibility of cloud services
- increases customer trust