For cloud service providers, BSI has recently published a security profile “Software-as-a-Service (SaaS)” based on ISO/IEC 27001. The leaflet and the underlying study can be downloaded (in German only) here.
Due to its risk-oriented top-down approach with its focus on a (layered) business process view, the profile is highly flexible. It is complemented by the bottom-up approach of IT-Grundschutz, with its (now) six modules on cloud computing (management, storage, usage, web services, web applications and virtualisation).
The module on management is already available in English. The BSI white paper “Security recommendation for cloud computing providers (Minimum information security requirements)” can be downloaded here.