ISO/IEC 27017:2015 - Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services

This standard provides guidance on the information security aspects of cloud computing, recommending and assisting with the implementation of cloud-specific information security controls supplementing the guidance in ISO/IEC 27002 and other ISO27k standards.
The code of practice provides additional information security controls implementation advice beyond that provided in ISO/IEC 27002, in the cloud computing context.
The standard advises both cloud service customers and cloud service providers, with the primary guidance laid out side-by-side in each section.  For instance, section 6.1.1 on information security roles and responsibilities says, in addition to section 6.1.1 of ISO/IEC 27002:2013: