ISO 27017
Definition
ISO 27017 is an international standard providing information security guidelines specific to cloud services. It extends ISO 27001 and ISO 27002 with cloud-specific security controls and addresses both cloud service providers and cloud customers.
How does ISO 27017 work?
ISO 27017 describes 37 existing ISO 27002 controls in a cloud context and adds 7 new cloud-specific controls covering: responsibility division between provider and customer, virtualisation security and multi-tenancy isolation, customer data protection upon service termination, shared cloud network security, cloud activity logging and monitoring, and cloud access rights management.
Impact on organisations
Organisations using or providing cloud services can use ISO 27017 certification as proof of trustworthiness. Combined with ISO 27001 it provides a complete cloud security framework. NIS2 requires appropriate cloud security measures.
Protection
Evaluate whether your cloud providers are ISO 27017 certified. Implement the customer-side ISO 27017 controls, i.e. those for which the customer rather than the provider is responsible. Combine ISO 27017 with CSPM (Cloud Security Posture Management) for continuous compliance monitoring.
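The following is an added illustration, not code from DEFION or from the standard, of what "CSPM for continuous compliance monitoring" looks like in practice: a small posture checker that evaluates a constructed cloud resource inventory against checks grouped by the control areas the standard covers (logging and monitoring, access rights, data protection on termination, multi-tenancy isolation). The inventory, the attribute names and the check names are assumptions for the example; they are not ISO 27017 control identifiers, and a real CSPM tool would read these attributes from the provider's API instead.

```python
"""Toy CSPM-style posture checks grouped by the cloud control areas that
ISO 27017 covers. Constructed illustration: inventory fields and check
names are assumptions, not ISO 27017 control identifiers."""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class CloudResource:
    """Minimal posture view of one cloud resource (constructed schema)."""
    name: str
    kind: str
    logging_enabled: bool = True
    admins_without_mfa: list[str] = field(default_factory=list)
    public_principals: bool = False
    deletion_on_termination: bool = True
    tenant_isolated: bool = True


@dataclass(frozen=True)
class Finding:
    resource: str
    area: str      # control area the check belongs to
    detail: str


# Each check returns a Finding when the resource fails, else None.
def check_logging(r: CloudResource) -> Optional[Finding]:
    if not r.logging_enabled:
        return Finding(r.name, "logging and monitoring",
                       "activity logging is disabled")
    return None


def check_mfa(r: CloudResource) -> Optional[Finding]:
    if r.admins_without_mfa:
        return Finding(r.name, "access rights",
                       "admin accounts without MFA: " + ", ".join(r.admins_without_mfa))
    return None


def check_public_access(r: CloudResource) -> Optional[Finding]:
    if r.public_principals:
        return Finding(r.name, "access rights",
                       "policy grants access to public or anonymous principals")
    return None


def check_termination(r: CloudResource) -> Optional[Finding]:
    if not r.deletion_on_termination:
        return Finding(r.name, "data protection on termination",
                       "no deletion or return of customer data configured")
    return None


def check_isolation(r: CloudResource) -> Optional[Finding]:
    if not r.tenant_isolated:
        return Finding(r.name, "virtualisation and multi-tenancy",
                       "resource shares a tenancy boundary without isolation")
    return None


CHECKS: list[Callable[[CloudResource], Optional[Finding]]] = [
    check_logging, check_mfa, check_public_access,
    check_termination, check_isolation,
]


def evaluate(inventory: list[CloudResource]) -> list[Finding]:
    """Run every check against every resource; continuous monitoring
    would simply re-run this on each inventory refresh."""
    return [f for r in inventory for f in (c(r) for c in CHECKS) if f is not None]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per control area for a posture dashboard."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.area] = counts.get(f.area, 0) + 1
    return counts


# Constructed sample inventory (not real infrastructure).
SAMPLE_INVENTORY = [
    CloudResource("prod-storage", "object-store"),
    CloudResource("legacy-vm-pool", "compute", logging_enabled=False,
                  admins_without_mfa=["ops-admin"],
                  deletion_on_termination=False, tenant_isolated=False),
    CloudResource("shared-bucket", "object-store", public_principals=True),
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_INVENTORY):
        print(f"[{f.area}] {f.resource}: {f.detail}")
    print(summarize(evaluate(SAMPLE_INVENTORY)))
```

Running the script on the sample inventory reports nothing for the compliant resource and five findings across the other two, with two of them in the access rights area; the per-area summary is the kind of view a CSPM dashboard tracks between assessments.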
How DEFION helps
DEFION evaluates cloud security against ISO 27017 guidelines as part of Cloud Security Assessments.