Global | ALL INDUSTRIES
The International Organization for Standardization (ISO) is an independent, non-governmental organization with an international membership of 163 national standards bodies.
The ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
- Additional implementation guidance for relevant controls specified in ISO/IEC 27002
- Additional controls with implementation guidance that specifically relate to cloud services
This standard provides controls and implementation guidance for both cloud service providers like Google and our cloud service customers.
ISO/IEC 27017 provides cloud-based guidance on 37 ISO/IEC 27002 controls, along with seven new cloud controls that address:
- Who is responsible for what between the cloud service provider and the cloud customer
- The removal/return of assets when a contract is terminated
- Protection and separation of the customer’s virtual environment
- Virtual machine configuration
- Administrative operations and procedures associated with the cloud environment
- Customer monitoring of activity within the cloud
- Virtual and cloud network environment alignment
Google Cloud, Google Workspace, Chrome, and Apigee are certified as ISO/IEC 27017 compliant.
Google Cloud, Google Workspace, and Apigee ISO 27017 certificates may be requested via the Compliance Reports Manager. Potential customers can reach out to sales for more information.
Google Cloud services that are in scope for ISO/IEC 27017
Chronicle (Security) and Threat Intelligence for
Chronicle are covered by the
Chronicle terms of service.
Chronicle (Security) and Threat Intelligence for Chronicle are covered by the Chronicle terms of service.