ISO-IEC 27017-2015 公有云服务管理体系认证.docxVIP

Introduction 介绍 The guidelines contained within this Recommendation | International Standard are in addition to and complement the guidelines given in ISO/IEC 27002. 本建议书中包含的指南| 国际标准是对ISO / IEC 27002中给出的准则的补充。 Specifically, this Recommendation | International Standard provides guidelines supporting the implementation of information security controls for cloud service customers and cloud service providers.Some guidelines are for cloud service customers who implement the controls, and others are for cloud service providers to support the implementation of those controls.The selection of appropriate information security controls and the application of the implementation guidance provided, will depend on a risk assessment and any legal, contractual, regulatory or other cloudsector specific information security requirements. 具体而言，本指南|国际标准提供了支持云服务客户和云服务提供商实施信息安全控制的指南。其中一些准则适用于实施这些控制措施的云服务客户，其他准则适用于支持这些控制措施实施的云服务提供商。适当信息安全控制的选择和所提供实施指南的应用将取决于风险评估和任何法律、合同、监管或其他特定于云部门的信息安全要求。 Information technology Security techniques Code of practice for information security controls based on ISO/IEC 27002 for cloud services IT安全技术基于ISO/IEC27002的云服务信息安全控制实施规范 1、Scope 1、范围 This Recommendation | International Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing: 本指南|国际标准通过提供以下内容，提供了适用于提供和使用云服务的信息安全控制准则： -additional implementation guidance for relevant controls specified in ISO/IEC 27002; -additional controls with implementation guidance that specifically relate to cloud services. -ISO/IEC27002中规定的相关控制的附加实施指南； -带有具体与云服务相关的实施指南的附加控制。 This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers. 本指南|国际标准为云服务提供商和云服务客户提供控制和实施指南。 2、Normative references 2、规范性参考文献 The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International