I am looking to do ISO27001 for one of our businesses which offers Cloud Services only. I presume ISO27001 should more than cover the services offered for this type of provider. Would they be similar to a Data Centre Provider?
First, it is important to note that ISO 27001 is not applied to services, but to the processes they rely on.
Second, I'm assuming your question is about whether the approach for a cloud services provider is similar to that for a data center provider.
Considering that, the general approach is the same:
- identify relevant requirements (e.g., business, customers, legal, etc.)
- identify and treat relevant risks
- operate, evaluate and improve the controls and processes
The difference will be on the application of controls related to the type of provided cloud service. For example:
- for IaaS, the controls applied by the provider will be limited to physical infrastructure and virtual machines
- for PaaS, the controls applied by the provider will also cover virtual servers, and, to some degree, applications
- for SaaS, the controls applied by the provider will cover datacenter facilities' physical location, hardware, and software
For a data center provider, the provider will have to consider applying controls to datacenter facilities’ physical location, hardware, software, and data.
This article will provide you with a further explanation about the ISMS scope for cloud services:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
These materials will also help you regarding ISO 27001:
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 15, 2020