ISO 27017 Cloud
ISO 27017 cloud security extension of ISO 27002.
Definition
ISO 27017 adds ~37 cloud-specific controls and clarifies shared cloud provider / customer responsibilities. Covers Trust services, virtual machines, monitoring of cloud services use, segregation in virtual environments, removal of cloud service customer assets. Adopted by AWS, Azure, Google Cloud, IBM Cloud, OVHcloud, OCI.
Origin
ISO/IEC JTC 1/SC 27, ISO/IEC 27017 published December 2015, revision in progress 2024.
Usage
Recommended standard for any cloud provider and cloud customer. Often audited jointly with ISO 27001 + ISO 27018.