ISO 9001 is defined as the international standard that specifies requirements for a quality management system (QMS). We use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements. ISO 9001 was first published in 1987 by the International Organization for Standardization (ISO), an international agency composed of the national standards bodies of more than 160 countries. The current version of ISO 9001 was released in September 2015.

ISO 20000 is the international standard for IT Service Management (ITSM), published by ISO (the International Organization for Standardization), and ICE (the International Electoral Commission). The standard was first published in December 2005. In June 2011, the ISO/IEC 20000-1:2005 was updated to ISO/IEC 20000-1:2011. ISO/IEC 20000-1:2018 specifies requirements for "establishing, implementing, maintaining and continually improving a service management system (SMS). An SMS supports the management of the service lifecycle, including the planning, design, transition, delivery and improvement of services, which meet agreed requirements and deliver value for customers, users and the organization delivering the services.".

ISO/IEC 27001:2022, is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS). According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system." The goal of ISO 27001 is to help organizations protect their critical information assets and comply with applicable legal and regulatory requirements.

ISO/IEC 27017 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems. It was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. It is part of the ISO/IEC 27000 family of standards, standards which provides best practice recommendations on information security management. This standard was built from ISO/IEC 27002, suggesting additional security controls for the cloud which were not completely defined in ISO/IEC 27002. This International Standard offers guidance for cloud service customers, who adopt the controls, and cloud service providers, who facilitate the controls’ implementations. The framework defines alignment of security management for cloud computing, virtual and physical networks. ISO 27017 takes all requisite safety precautions, risk-based analysis for online safety and extends them directly to cloud security, where information security controls are applicable to the framework apply.

ISO/IEC 27018 is a security standard part of the ISO/IEC 27000 family of standards. It was the first international standard about the privacy in cloud computing services which was promoted by the industry. It was created in 2014 as an addendum to ISO/IEC 27001, the first international code of practice for cloud privacy. ISO/IEC 27018 is the international standard for protecting personal information in cloud storage. The term for the personal data it covers is Personally Identifiable Information or PII. ISO 27018 is a code of practice for public cloud service providers.
ISO 27018 does two things:
- Gives further helpful implementation guidance (adding to ISO 27002) for the controls published in ISO/IEC 27001
- Sets out extra guidance on PII protection requirements for the public cloud