ISO 27017:2015 is an international standard issued by the International Organization for Standardization (ISO) in December 2015. It is a practical standard for cloud service information security and offers cloud service providers and customers with guidelines for specific security controls and their implementation. ISO 27017 is a standard based on ISO 27002, and its primary purpose is to provide cloud vendors with security specifications for cloud construction and OPS. The requirements in ISO 27017 consist of the following two parts:
- Requirements in ISO 27002: under the framework of ISO 27002, additional implementation guidelines for 37 controls are proposed.
- Special requirements in cloud environments: outside the framework of ISO 27002, 7 control measures that require special consideration in cloud computing environments are added.
Specificity of ISO 27017:
- On each control, implementation guidelines are provided to cloud service providers and customers respectively, and the roles and responsibilities of both parties are elaborated.
- Based on the requirements in the ISO 27017 standard, Tencent Cloud has established a more comprehensive cloud security management system to improve its overall cloud security service capabilities.