GCP security controls which comply with ISO 27017
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
I'm assuming that by GCP you mean Google Cloud Platform.
Considering that, please note that we are not aware of which security controls GCP has implemented, so we cannot say which ones are related to applications. Although GCP is ISO 27017 certified (https://services.google.com/fh/files/misc/gcp_iso27017_spring_2020.pdf) its Statement of Applicability is not available.
Generally speaking applicable controls regarding applications would be from section A.14 (System acquisition, development, and maintenance) from ISO 27001 Annex A (please remember that ISO 27017 is a supporting standard for controls from ISO 27001).
Specific controls from ISO 27017 that may apply would be:
- 9.5.1 Segregation in virtual computing environments
- 12.1.5 Administrator’s operational security
- 12.4.5 Monitoring of cloud services
For further information, see:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
Comment as guest or Sign in
Sep 14, 2020