Specifically for OVH, what difference does it make?
Technically, the changes are anecdotal: our management systems have been built in the context of cloud services and, for the most part, the measures put in place are already ISO 27017 compliant. Moreover, we already communicate a lot with our customers to help them understand our architectures and the security measures put in place. Communication is made through contractual documents, our website, documents transmitted after signing a confidentiality agreement, and via our technical and commercial support. This is a very rich process which we are continuously improving. In this context, we will ensure compliance with all the recommendations of the standard.
And for the customer?
Reading the standard permits the buyer of the cloud service to identify important points and assists them in choosing partners. CIOs (Chief Information Officers) want more flexibility and want to be able to call on the most appropriate vendor for each use case. Therefore, the supply of information services evolves naturally from a chain model to a network model. An increase in commercial and technical relationships introduces a new complexity that we must learn to manage. ISO 27017 standardizes the relationships between customers and cloud service providers by creating a framework and facilitating management. By conforming to ISO 27017, users of OVH services benefit from guarantees of increased security safeguards. In the coming months, we plan to continue to increase the number of certifications that we hold, including in particular the certification permitting OVH to host healthcare data.
(1) – ISO/IEC 27002 is made up of a group of 113 measures called “best practices,” which are intended to be used by those responsible for putting in place or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard as the “preservation of confidentiality, integrity, and availability.”