ISO/IEC 27017:2015 Code of Practice for Information Security Controls

The ISO / IEC 27017:2015 code of practice is designed for organizations to use as a reference for selecting cloud services information security controls when implementing a cloud computing information security management system based on ISO / IEC 27001:2013. It can also be used by cloud service providers as a guidance document for implementing commonly accepted protection controls.

This international standard provides additional cloud-specific implementation guidance based on ISO/IEC 27002, as well as additional controls to address cloud-specific information security threats and risks referring to Clauses 5 to 18 in ISO/IEC 27002:2013 for controls, implementation guidance, and other information. ISO/IEC 27017 is unique in providing guidance for both cloud service providers and customers.

The scope of the OVHcloud ISO 27001 certification and attestation align to the controls in ISO/IEC 27017:2015 ("ISO 27017") for OVHcloud services and US Data Centers:

Services:

• Dedicated Servers
• Virtual Private Servers
• Hosted Private Cloud
• Public Cloud Services

US Data Centers:

• Vint Hill, Virginia (East Coast)
• Hillsboro, Oregon (West Coast)

US customers utilizing OVHcloud international Data Centers and requiring an ISO certificate for these Data Centers should contact their sales representative or email legal@corp.ovh.us.