If you help organizations implement ISO 27001, you should also help them test controls. ISO 27008 makes your audit reports more robust and less prone to challenge.
Incorporate automated vulnerability testing software alongside manual configuration review processes. iso 27008 standard pdf
A: Yes. The assessment methods apply regardless of hosting. For shared controls, it references ISO 27017 and ISO 27018. If you help organizations implement ISO 27001, you
You would use both during a comprehensive internal or external audit. iso 27008 standard pdf