ISO/IEC 27017 is a globally recognized standard dedicated to guiding cloud service providers in the implementation of information security controls. Building upon the framework of ISO 27001 and ISO 27002, this standard provides tailored security control guidance for various cloud service models, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It not only covers additional controls specific to cloud services but also includes specific guidance for implementing these controls, as well as newly introduced control mechanisms to address

The CSA STAR is an international certification program co-developed by the Cloud Security Alliance (CSA) and the British Standards Institution (BSI), focused on enhancing the security standards of cloud services. It is based on the ISO/IEC 27001 standard, incorporates the Cloud Controls Matrix (CCM) specifications, and adopts BSI's maturity model and assessment techniques. The CSA STAR certification evaluates an organization's cloud security management and technical capabilities across five key areas—including communication, stakeholder engagement, policy and strategy, technical capabilities,