dnaSRPS EN ISO/IEC 27017:2026

Information security, cybersecurity and privacy protection - Information security controls based on ISO/IEC 27002 for cloud services (ISO/IEC FDIS 27017:2026)

General information

Current stage: 50.20 Effective date: Apr 9, 2026

Next stage: 50.60 Next stage date: Jun 1, 2026

Originator: ISS

Owner: I224

Type: European Norm

ICS: 35.030 03.100.70

Languages: English

Scope

This document provides guidance for information security controls, based on ISO/IEC 27002, applicable to the provision and use of cloud services. This document provides：
— additional guidance for relevant controls specified in ISO/IEC 27002:2022;
— additional controls with guidance that specifically relate to cloud services.
This document provides controls and guidance for CSCs and CSPs.
This document is considered to be a horizontal document as it provides a foundation and a common understanding of security regarding the provision and use of cloud services.
This document applies to all types of cloud deployment models including the private cloud. When applying this document to the private cloud, the controls and guidance of this document are applicable, although adjustments can be necessary to adapt to the relationships and abilities of an organization’s internal departments.”

Life cycle

PREVIOUSLY

PUBLISHED
SRPS ISO/IEC 27017:2019

NOW

PROJECT
dnaSRPS EN ISO/IEC 27017:2026
50.20 Proof sent to secretariat or FDIS ballot initiated: 8 weeks
Apr 9, 2026

Related project

Adopted from FprEN ISO/IEC 27017 IDENTICAL

Adopted from ISO/IEC FDIS 27017 IDENTICAL

Preview

To view the full content, you need to register or to log in to your account by clicking on the "Log in" button