
Detailed descriptions of implemented security measures on contracts related to offered cloud services


When an organization offers cloud services for its customers, the contract between the provider and customer should clearly specify the technical and organizational measures implemented to ensure information security.

The contract must also state that data is processed only according to the controller's instructions and for no other purpose.

When offering cloud services, the provider should be transparent about its information security measures during the process of entering into a contract. However, it is ultimately the customer’s responsibility to ensure that the measures implemented by the provider meet the customer’s obligations.

Other connected frameworks and requirements:
A.11.11: Contract measures (ISO 27018)
15: Supplier relationships (ISO 27017)
15.1: Information security in supplier relationships (ISO 27017)
15.1.2: Addressing security within supplier agreements (ISO 27017)