Expert Advice Community

ISO 27017 and ISO 27018 implementation

Guest user Created:   Dec 02, 2016 Last commented:   Dec 02, 2016

If our company develops software and provides a SaaS service to customers (by hosting the software in a cloud service provider). Also, it has a development environment in xxx; developers connect to xxx and use tools for development. Is it recommended to implement ISO 27017 or 27018, or both?
Expert
Rhand Leal Dec 02, 2016

I mean the company just develops and deploys our software in the cloud and gives access to our different customers. We are NOT a cloud hosting company like xxx or xxx.

Answer: As you said, you provide the SaaS service to your customers; it does not matter if you use a third-party infrastructure to do that. If their contractual relationship is with you, they will charge you for any problem they have that is caused by the cloud service provider you selected. So, I would recommend that you implement both ISO 27017 and ISO 27018, so you have the means to ensure that the cloud service provider you use to provide your SaaS service properly protects both its cloud infrastructure and your customers' data.

This article will provide you with further explanation about supplier management:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

These articles will provide you with further explanation about ISO 27017 and ISO 27018:
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/

These materials will also help you regarding supplier management:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
