My organization prefers to deal with a cloud vendor that has implemented certain standards for quite a while. It will provide us with greater confidence in doing business with them. Is there any ISO standard out there related to Cloud?

Answer»

To date, there is a great number of ISO standards applied to the cloud. Taking out the expired and withdrawn versions, here is the list:

  • ISO/IEC 17788:2014 -- Information Technology -- Cloud computing -- Overview and vocabulary

  • ISO/IEC 17789:2014 -- Information Technology -- Cloud computing -- Reference architecture

  • ISO/IEC 17826:2016 -- Information Technology -- Cloud Data Management Interface (CDMI)

  • ISO/IEC 19086-1:2016 -- Information Technology -- Cloud computing -- Service level agreement (SLA) framework -- Part 1: Overview and concepts

  • ISO/IEC 19086-2:2018 -- Cloud computing -- Service level agreement (SLA) framework -- Part 2: Metric model

  • ISO/IEC 19086-3:2017 -- Information Technology -- Cloud computing -- Service level agreement (SLA) framework -- Part 3: Core conformance requirements

  • ISO/IEC 19086-4:2019 -- Cloud computing -- Service level agreement (SLA) framework -- Part 4: Components of security and of protection of PII (Personally Identifiable Information)

  • ISO/IEC 19099:2014 -- Information Technology -- Virtualization Management Specification

  • ISO/IEC 19831:2015 -- Cloud Infrastructure Management Interface (CIMI) Model and RESTful HTTP-based Protocol -- An Interface for Managing Cloud Infrastructure

  • ISO/IEC 19941:2017 -- Information Technology -- Cloud computing -- Interoperability and portability

  • ISO/IEC 19944:2017 -- Information Technology -- Cloud computing -- Cloud services and devices: Data flow, data categories and data use

  • ISO/IEC TR 22678:2019 -- Information Technology -- Cloud computing -- Guidance for policy development

  • ISO/IEC TR 23186:2018 -- Information Technology -- Cloud computing -- Framework of trust for processing of multi-sourced data

  • ISO/IEC 27017:2015 -- Information Technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services

  • ISO/IEC 27018:2019 -- Information Technology -- Security techniques -- Code of practice for protection of PII in public clouds acting as PII processors

Like any other ISO standard, conforming to them has many benefits for the provider's business: building credibility at the international level, saving time and money by identifying and solving recurring problems, and improving the efficiency and effectiveness of systems and processes. On top of that, it is also living, publicly accessible proof that the provider has properly managed its information security, including its risks, fulfilled its audit requirements, and established trust both internally and externally that controls are properly placed and implemented, in order to serve customers better and hence increase their satisfaction level.

You, as the user, are urged to assess the ISO certification they hold. Critical points to reflect on are: which product, service and location does it actually cover? Is the certification for the entire organization, or only for the head office and not its branches? Who issued the certification, and is the issuer one of the ISO-accredited bodies? You must certainly see the original certificate and check what information is revealed there.
