ISO/IEC 27017 is the international standard on Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services. It provides guidelines for information security controls that are applicable to providing and using cloud services by outlining: additional implementation guidance for relevant controls specified in ISO/IEC 27002 additional controls with implementation guidance that specifically relate to cloud services
Benefits of ISO 27017 Cloud adoption continues to increase as users realize the benefits it can bring including greater agility, continuity and scalability. However to drive business success using the cloud, clarity over individual roles and responsibilities is essential. This was widely recognized by industry leaders who participated in the development of ISO/IEC 27017, which requires organizations to consider roles and responsibilities for both cloud service providers and users (cloud customers) who are procuring services.