本文档调查了云服务审计的各个方面，包括: 1） ？进行审计的各方的角色和责任，以及CSC、CSP和CSN之间互动的描述； 2） ？对云服务进行审计的方法，以提高交付和使用云服务的信心； 3） ？可用于审计方案、认证和授权的可用框架和标准示例。 本文档以ISO/IEC 17789和ISO/IEC 22123中定义的云审核员角色为基础。 本文件适用于所有类型和规模的组织，这些组织需要规划和执行内部或外部审计，并使用、提供和支持云服务。 本文件无意描述认证或识别其他地方发布的控制措施。

This document surveys aspects of the audit of cloud services including: 1)？role and responsibilities of parties conducting audit and description of the interactions between the CSC, CSP, and CSN; 2)？approaches for conducting audits of cloud services to facilitate confidence in delivering and using cloud services; 3)？examples of available frameworks and standards which can be used for audit schemes, for certification, and for authorization. This document builds upon the cloud auditor role as defined in ISO/IEC 17789 and ISO/IEC 22123. This document is applicable to all types and sizes of organizations that need to plan and conduct internal or external audits, and that use, provide and support cloud services. This document is not intended to describe certification or to identify controls that are published elsewhere.