CAN/CSA-ISO/IEC 27017:16
Current
The latest, up-to-date edition.
Information technology Security techniques Code of practice for information security controls based on ISO/IEC 27002 for cloud services (Adopted ISO/IEC 27017:2015, first edition, 2015-12-15)
Hardcopy , PDF
English
01-01-2016
Important note : All end users must be registered with an Account prior to user licenses being assigned.
1 Scope
2 Normative references
3 Definitions and abbreviations
4 Cloud sector-specific concepts
5 Information security policies
6 Organization of information security
7 Human resource security
8 Asset management
9 Access control
10 Cryptography
11 Physical and environmental security
12 Operations security
13 Communications security
14 System acquisition, development and maintenance
15 Supplier relationships
16 Information security incident management
17 Information security aspects of business continuity
management
18 Compliance
Annex A - Cloud service extended control set
Annex B - References on information security risk related
to cloud computing
Bibliography
Specifies guidelines for information security controls applicable to the provision and use of cloud services by providing: - additional implementation guidance for relevant controls specified in ISO/IEC 27002; and - additional controls with implementation guidance that specifically relate to cloud services.
| DocumentType |
Standard
|
| ISBN |
978-1-4883-0499-6
|
| Pages |
0
|
| PublisherName |
Canadian Standards Association
|
| Status |
Current
|
Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 27017" throughout. At the time of publication, ISO/IEC 27017:2015 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This Recommendation | International Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing: additional implementation guidance for relevant controls specified in ISO/IEC 27002; additional controls with implementation guidance that specifically relate to cloud services. This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.
| Standards | Relationship |
| ISO/IEC 27017:2015 | Identical |
| ISO/IEC 27036-4:2016 | Information technology Security techniques Information security for supplier relationships Part 4: Guidelines for security of cloud services |
| ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
| ISO 31000:2009 | Risk management Principles and guidelines |
| ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
| ISO/IEC 27018:2014 | Information technology Security techniques Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors |
| ISO 19440:2007 | Enterprise integration Constructs for enterprise modelling |
| ISO/IEC 27036-3:2013 | Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security |
| ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
| ISO/IEC 17203:2017 | Information technology — Open Virtualization Format (OVF) specification |
| ISO/IEC 27036-1:2014 | Information technology Security techniques Information security for supplier relationships Part 1: Overview and concepts |
| ISO/IEC 27036-2:2014 | Information technology Security techniques Information security for supplier relationships Part 2: Requirements |
| ISO/IEC 27040:2015 | Information technology — Security techniques — Storage security |
| ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
| ISO/IEC 17789:2014 | Information technology — Cloud computing — Reference architecture |
| ISO/IEC 17788:2014 | Information technology — Cloud computing — Overview and vocabulary |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.