The ISO/IEC 27017:2015 standard provides guidelines for information security controls specifically related to cloud services. It builds on ISO/IEC 27002 by addressing additional cloud-specific security controls for both cloud service providers and customers. Its primary purposes include:
1. Enhanced Cloud Security: ISO/IEC 27017:2015 helps ensure that organizations use standardized security controls for data protection in cloud environments, reducing risks specific to cloud operations.
2. Clear Roles and Responsibilities: The standard defines security responsibilities for both cloud providers and cloud users, making it easier to understand who is responsible for which aspects of security.
3. Risk Management and Compliance: Organizations can use ISO/IEC 27017:2015 to align with regulatory requirements and manage cloud-related risks more effectively.
4. Customer Assurance: By achieving this certification, cloud providers can demonstrate their commitment to security best practices, enhancing customer trust in their services.
5. Guidance on Shared Responsibility: The standard also emphasizes shared responsibility models, helping both providers and customers understand their obligations in protecting data in the cloud.
Overall, ISO/IEC 27017:2015 helps organizations establish cloud-specific security practices, improving security posture in cloud environments and supporting regulatory compliance.