ISO/IEC 27017:2015 Code of Practice for Information Security Controls
The ISO / IEC 27017:2015 code of practice is designed for organizations to use as a reference for selecting cloud services information security controls when implementing a cloud computing information security management system based on ISO / IEC 27001:2013. It can also be used by cloud service providers as a guidance document for implementing commonly accepted protection controls.
This international standard provides additional cloud-specific implementation guidance based on ISO/IEC 27002, as well as additional controls to address cloud-specific information security threats and risks referring to Clauses 5 to 18 in ISO/IEC 27002:2013 for controls, implementation guidance, and other information. ISO/IEC 27017 is unique in providing guidance for both cloud service providers and customers.
The scope of the OVH US ISO 27001 certification and attestations align to the controls in ISO/IEC 27017:2015 ("ISO 27017") fo OVH US products and US data centers:
Products:
- Dedicated Servers
- Hosted Private Cloud
- Public Cloud Services
US data centers:
- Vint Hill, Virginia (East Coast)
- Hillsboro, Oregon (West Coast)
US customers utilizing OVH international data centers and requiring ISO certificates or attestation reports should contact their sales representative or email legal@corp.ovh.us