Professional Documents
Culture Documents
This standard will provide guidance on the information security elements/aspects of cloud
computing, recommending cloud-specific information security controls supplementing those
recommended by ISO/IEC 27002 and indeed other ISO27k standards including ISO/IEC 27018 on
the privacy aspects of cloud computing, ISO/IEC 27031 on business continuity, and ISO/IEC
27036-4 on relationship management, as well as all the other ISO27k standards covering
information security in general.
Note: SC27 decided NOT to progress a separate cloud information security management system
specification standard, judging that ISO/IEC 27001 is sufficient. Therefore, there are no plans to
certify the security of cloud service providers specifically.
http://www.iso27001security.com/html/27017.html 05/08/2013