BS ISO/IEC 27017:2015 Information technology. Security techniques. Code of practice for information security controls based on ISO/IEC 27002 for cloud services

BS ISO/IEC 27017:2015

Information technology. Security techniques. Code of practice for information security controls based on ISO/IEC 27002 for cloud services

Status : Current   Published : December 2015

Format
PDF

Format
HARDCOPY



BS ISO/IEC 27017:2015
Information technology. Security techniques. Code of practice for information security controls based on ISO/IEC 27002 for cloud services

What is it?

BS ISO/IEC 27017:2015 is a sector-specific supplement to BS ISO/IEC 27001:2013 and BS ISO/IEC 27002:2013 for use when providing or using cloud services. It contains additional security controls and guidance beyond those found in BS ISO/IEC 27002:2013.

How does it work?

BS ISO/IEC 27017:2015 follows the structure of BS ISO/IEC 27002:2013, providing guidance specific to cloud services. It also defines an extended control set of additional security controls specific to cloud services. BS ISO/IEC 27017:2015 is based on a model of collaboration between the cloud service provider and cloud service customer, whereby each accepts specific responsibilities in order to ensure the overall security of the cloud service as used by the customer.

If applicable, certification bodies operating in accordance with BS ISO/IEC 27006:2015 may reference BS ISO/IEC 27017:2015 when awarding certification.

Who should buy it?

BS ISO/IEC 27017:2015 is essential for any organization that wishes to provide cloud services that might be incorporated within an Information Security Management System (ISMS) certified against BS ISO/IEC 27001:2013. It defines their obligations and responsibilities necessary to ensure that such certification is possible.

It will also be useful to organizations wishing to use cloud services as consumers, both by identifying their responsibilities to ensure certification of related security controls against BS ISO/IEC 27001:2013 is possible, and as a checklist to ensure that potential providers of the cloud service have the necessary security policies, practices and controls in place.

See the preview for contents.




Standard NumberBS ISO/IEC 27017:2015
TitleInformation technology. Security techniques. Code of practice for information security controls based on ISO/IEC 27002 for cloud services
StatusCurrent
Publication Date31 December 2015
Normative References(Required to achieve compliance to this standard)ISO/IEC 27000, ISO/IEC 17788, ITU-T Y.3500, ISO/IEC 17789, ISO/IEC 27002:2013, ITU-T Y.3502
Informative References(Provided for Information)ENISA 2009, ISO 19440:2007, ISO/IEC 27036-2:2014, ISO/IEC 27036-3:2013, NIST SP 800-145:2011, ISO 31000:2009, ISO/IEC 27005:2011, ITU-T X.805:2003, ISO/IEC 27018:2014, ISO/IEC 17203:2011, NIST 2009, ISO/IEC 27036-1:2014, ISO/IEC 27036-4, ISO/IEC 27040:2015, ISO/IEC 27001:2013
International RelationshipsISO/IEC 27017:2015
Draft Superseded By15/30259619 DC
DescriptorsInformation exchange, Data security, Management, Computer hardware, Access, Computer networks, Data processing, Computer software, Data transmission, Data storage protection, Computers
ICS03.100.70
35.030
Title in FrenchTechnologies de l'information. Techniques de sécurité. Code de pratique pour les contrôles de sécurité de l'information fondés sur l'ISO/IEC 27002 pour les services du nuage
CommitteeIST/33
ISBN978 0 580 78159 9
PublisherBSI
FormatA4
DeliveryYes
Pages48
File Size1.546 MB
Price£240.00


 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents


Develop a PAS

Develop a fast-track standardization document in 9-12 months


Worldwide Standards
We can source any standard from anywhere in the world


BSOL

The faster, easier way to work with standards


Customers who bought this product also bought