The shared responsibility model describes how security responsibilities are divided between cloud provider and customer. The provider is responsible for security of the cloud infrastructure (physical data centres, hypervisor, network). You, as the customer, are responsible for security in the cloud: configuration, access rights, data encryption, and application security. The exact boundary shifts depending on the service model (IaaS, PaaS, SaaS). In your ISMS you must document the model per cloud service and ensure your area of responsibility is covered without gaps.