Does your organization act as a Cloud Service Provider (CSP), Cloud Service Customer (CSC), or both?

ISO/IEC 27017 provides cloud-specific information security controls extending ISO 27001. It applies to both CSPs offering cloud services and CSCs using them.