ISO/IEC 27017:2015 provides specific guidelines for information security controls relevant to cloud service providers and cloud customers. It supplements ISO 27001 by addressing security controls specific to cloud computing environments.
The standard covers controls for both cloud service providers and customers, addressing the unique risks associated with cloud computing such as data location, availability, and shared infrastructure security.