Page 1081 - Cloud computing: From paradigm to operation

Security                                                   7


            18.1.2  Intellectual property rights

            Control 18.1.2 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.
            Implementation guidance for cloud services

            Cloud service customer:
            Installing commercially licensed software in a cloud service can cause a breach of the licence terms for
            the software. The cloud service customer should have a procedure for identifying cloud-specific licensing
            requirements before permitting any licensed software to be installed in a cloud service. Particular
            attention should be paid to cases where the cloud service is elastic and scalable and the software can be
            run on more systems or processor cores than is permitted by the licence terms.

            Cloud service provider:
            The cloud service provider should establish a process for responding to intellectual property rights
            complaints.

            18.1.3  Protection of records

            Control 18.1.3 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.

            Implementation guidance for cloud services

            Cloud service customer:
            The cloud service customer should request information from the cloud service provider about the
            protection of records gathered and stored by the cloud service provider that are relevant to the use of
            cloud services by the cloud service customer.

            Cloud service provider:
            The cloud service provider should provide information to the cloud service customer about the protection
            of records that are gathered and stored by the cloud service provider relating to the use of cloud
            services by the cloud service customer.

            18.1.4  Privacy and protection of personally identifiable information

            Control 18.1.4 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.
            Other information for cloud services

            ISO/IEC 27018, Code of practice for PII protection in public clouds acting as PII processors, offers additional
            information on this topic.

            18.1.5  Regulation of cryptographic controls
            Control 18.1.5 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.

            Implementation guidance for cloud services

            Cloud service customer:
            The cloud service customer should verify that the set of cryptographic controls that apply to the use of
            a cloud service comply with relevant agreements, legislation and regulations.

            Cloud service provider:
            The cloud service provider should provide descriptions of the cryptographic controls implemented by the
            cloud service provider to the cloud service customer for reviewing compliance with applicable agreements,
            legislation and regulations.







