ISO/IEC 27017:2015 Code of Practice for Information Security Controls
The ISO / IEC 27017:2015 code of practice is designed for organizations to use as a reference for selecting cloud services information security controls when implementing a cloud computing information security management system based on ISO / IEC 27001:2013. It can also be used by cloud service providers as a guidance document for implementing commonly accepted protection controls.
This international standard provides additional cloud-specific implementation guidance based on ISO/IEC 27002, as well as additional controls to address cloud-specific information security threats and risks referring to Clauses 5 to 18 in ISO/IEC 27002:2013 for controls, implementation guidance, and other information. ISO/IEC 27017 is unique in providing guidance for both cloud service providers and customers.
The scope of the OVHcloud ISO 27001 certification and attestation align to the controls in ISO/IEC 27017:2015 ("ISO 27017") for OVHcloud services and US Data Centers:
- Dedicated Servers
- Virtual Private Servers
- Hosted Private Cloud
- Public Cloud Services
US Data Centers:
- Vint Hill, Virginia (East Coast)
- Hillsboro, Oregon (West Coast)
US customers utilizing OVHcloud international Data Centers and requiring an ISO certificate for these Data Centers should contact their sales representative or email email@example.com.