Certification: ISO/IEC 27017:2015

ISO 27017

ISO/IEC 27017:2015 Code of Practice for Information Security Controls

The ISO / IEC 27017:2015 code of practice is designed for organizations to use as a reference for selecting cloud services information security controls when implementing a cloud computing information security management system based on ISO / IEC 27001:2013. It can also be used by cloud service providers as a guidance document for implementing commonly accepted protection controls.


This international standard provides additional cloud-specific implementation guidance based on ISO/IEC 27002, as well as additional controls to address cloud-specific information security threats and risks referring to Clauses 5 to 18 in ISO/IEC 27002:2013 for controls, implementation guidance, and other information. ISO/IEC 27017 is unique in providing guidance for both cloud service providers and customers.


The scope of the OVHcloud ISO 27001 certification and attestation aligns to the controls in ISO/IEC 27017:2015 ("ISO 27017") for OVHcloud services and US Data Centers:



  • Dedicated Servers
  • Virtual Private Servers
  • Hosted Private Cloud
  • Public Cloud Services

US Data Centers:

  • Vint Hill, Virginia (East Coast)
  • Hillsboro, Oregon (West Coast)


US customers utilizing OVHcloud international Data Centers and Services requiring an ISO 27001 certificate should contact their sales representative or email legal@corp.ovh.us.

Ready to get Started?

Contact Us