IBM Cloud® compliance: ISO 27017
What is ISO 27017?

The International Organization for Standardization (ISO) is an independent nongovernmental organization that publishes standards in technical and nontechnical fields. The ISO/IEC 27000 series of standards is a joint effort with the International Electrotechnical Commission (IEC) and defines mechanisms to help organizations keep information assets secure.

ISO/IEC 27017:2015 is a standard based on ISO/IEC 27002, with additional controls designed as a reference to help organizations understand and select appropriate information security controls in cloud computing. It offers cloud service customers practical information on what to expect from cloud service providers and what their own responsibilities are for information stored in the cloud.

The ISO/IEC 27017:2015 standard is also used by cloud service providers as a guideline for implementing common security controls within their platforms.

Reports and other documentation

IBM position

IBM applies ISO 27017 to our cloud-based products and services to enhance our Information Security Management System (ISMS) and ensures the same level of security and customer experience across each certified cloud service. IBM Service Descriptions (SDs) indicate if a given offering maintains ISO 27017 certification.

IBM ISO 27017 certificates are published and generally available. The services listed below are ISO 27017 certified. Services below issue ISO certificates at least once each year.
