
ISO/IEC 27017:2015 Code of Practice for Information Security Controls Awareness
The ISO/IEC 27017:2015 code of practice is designed for organisations to use as a reference for selecting cloud services information security controls when implementing a cloud computing information security management system based on ISO/IEC 27002:2013. It can also be used by cloud service providers as a guidance document for implementing commonly accepted protection controls.