ISO/IEC 27017 & 27018

ISO/IEC 27017:2015 provides additional cloud-specific implementation guidance for ISO/IEC 27002 controls plus seven cloud-only controls. ISO/IEC 27018:2019 is a code of practice for protecting PII in public clouds acting as PII processors. Both are typically certified together with ISO/IEC 27001.