The ISO 27017 standard directs the information security elements of cloud computing by suggesting and supporting the deployment of cloud-specific security measures. It offers information that goes beyond the IEC 27002's general security guidelines for computing.
With a specific focus on cloud computing, ISO/IEC 27017 addresses the special security issues related to cloud services.
The standard provides guidelines on how to design efficient information security measures for cloud service customers (CSCs) and cloud service providers (CSPs). Data governance, information management and classification, legal and regulatory compliance, and incident response are just a few of the areas that these controls address.