The International Organization for Standardization (ISO) is an independent,
non-governmental international organization with a membership of 163
national standards bodies.
The ISO/IEC 27017:2015
gives guidelines for information security controls applicable to the
provision and use of cloud services by providing:
- Additional implementation guidance for relevant controls specified
in ISO/IEC 27002
- Additional controls with implementation guidance that specifically relate to cloud services
This standard provides controls and implementation guidance for both
cloud service providers (like Google) and our cloud service customers.
ISO 27017 provides cloud-based guidance on 37 of the controls in
ISO 27002 but also features seven new cloud controls that address the
- Who is responsible for what between the cloud service provider and
the cloud customer
- The removal/return of assets when a contract is terminated
- Protection and separation of the customer’s virtual environment
- Virtual machine configuration
- Administrative operations and procedures associated with the cloud
- Cloud customer monitoring of activity within the cloud
- Virtual and cloud network environment alignment
Google Cloud Platform
and G Suite
are certified as ISO 27017 compliant.