Information technology - Security techniques - Information security for supplier relationships - Part 4: Guidelines for security of cloud services
a) gaining visibility into the information security risks associated with the use of cloud services and managing those risks effectively, and
b) responding to risks specific to the acquisition or provision of cloud services that can have an information security impact on organizations using these services.
ISO/IEC 27036-4:2016 does not include business continuity management/resiliency issues involved with the cloud service. ISO/IEC 27031 addresses business continuity.
ISO/IEC 27036-4:2016 does not provide guidance on how a cloud service provider should implement, manage and operate information security. Guidance on those can be found in ISO/IEC 27002 and ISO/IEC 27017.
The scope of ISO/IEC 27036-4:2016 is to define guidelines supporting the implementation of information security management for the use of cloud services.
|Publication type||International Standard|
|TC/SC||ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protectionrss|
|ICS||35.030 - IT Security|
|File size||1239 KB|
The following test report forms are related:
Share this page
Share your publications
Learn how to share your publications with your colleagues, using networking options.
Our prices are in Swiss francs (CHF). We accept all major credit cards (American Express, Mastercard and Visa), PayPal and bank transfers as form of payment.
Keep in touch
Keep up to date with new publication releases and announcements with our free IEC Just Published email newsletter.
Contact customer services
Please send your enquiry by email or call us on +41 22 919 02 11 between 09:00 – 17:00 CET Monday to Friday.