Page 416 - Cloud computing: From paradigm to operation
P. 416

1                                    Framework and requirements for cloud computing


            •       ISO/IEC 22123: This document provides a consolidated set of terms and definitions extracted from
                    the ISO/IEC cloud computing standards, including, but not limited to, ISO/IEC 17788, ISO/IEC 17789,
                    ISO/IEC 19086, ISO/IEC 19941 and ISO/IEC 19944. In addition, relevant and stable terminology from
                    non-cloud computing ISO sources (e.g., Information technology – Security techniques) and external
                    organization  are  also  included.  This  document  also contains  terms  and  definitions  that  are  not
                    necessarily  contained  in  other  works.  This  document  also  addresses  discrepancies  and
                    inconsistencies  that  have  been  identified  in  the  consolidated  terms  and  definitions  to  further
                    enhance the usability of the ISO cloud computing terminology. This document includes additional
                    descriptions  and  clarifications  of  cloud  computing  vocabulary  terms,  concepts  and  their  inter-
                    relationships.
                    URI: https://www.iso.org/standard/72627.html

            •       ISO/IEC 22624: This document:
            –       describes a framework for the structured expression of data-related policies and practices in the
                    cloud computing environment, based on the data taxonomy in ISO/IEC 19944;

            –       covers expression of data-related policies and practices including, but not limited to, the following:
                    •   data geolocation: location of data in various jurisdictions, as it applies to data at rest;
                    •   cross-border control of data: control of data that resides in different jurisdictions or under
                        different  sovereign  control  depending  on  their  data  categorization  (ISO/IEC 19944),  and/or
                        classification hierarchy and data use statement structure (ISO/IEC 19944);
                    •   cross-border  flow  of  data:  flow  of  data  across  borders  and  in  general  across  various
                        jurisdictions;
                    •   data portability: portability requirements of data in the cloud computing environment;
                    •   data classification: policies and practices which vary depending on the classification of the data;
                    •   data processing: processing of the data either by the CSP or by a 3rd party;
                    •   data management: management of the data either by the CSP or by a 3rd party;
                    •   data governance: governance of the data;
            –       describes how the framework can be used in code(s) of conduct for practices regarding data at rest
                    and in transit, including cross-border transfer of data, as well as remote access to data;
            –       provides guiding principles on application of the taxonomy for the handling of data based on data
                    subcategory and classification, including the processes that are needed for data in different levels
                    of categorization and classification;

            –       provides use cases for data sovereignty challenges, i.e. control, access and location of data according
                    to data categories just in-time elevations in data access for people in various roles (e.g., data centre
                    operators and administrators, and other roles in cloud computing).
                    This document is applicable primarily to cloud service providers, cloud service customers and cloud
                    service users, but also to any person or organization involved in legal, policy, technical or other
                    implications of taxonomybased data management in cloud services.
                    URI: https://www.iso.org/standard/73614.html
            •       ISO/IEC TR 22678: This document provides guidance on the use of international standards as a tool
                    in the development of those policies that govern or regulate cloud service providers (CSPs) and cloud
                    services,  and  those  policies  and  practices  that  govern  the  use  of  cloud  services  in  enterprise
                    organisations. This includes material that explains cloud computing concepts and the role of cloud
                    computing  international  standards  in  formulating  policies  and  practices.  The  document  makes
                    reference  to  various  international  standards.  Where  possible,  these  standards  are  ISO/IEC
                    documents. Where a suitable ISO/IEC standard is not available, references are made to documents
                    published by other WTO-registered standards bodies. As explained in the WTO "Technical Barriers
                    to  Trade"  (TBT)  Agreement,  standards  play  a  vital  role  in  supporting  technical  regulations  and
                    conformity assessment, however this document does not cover matters of trade.
                    URI: https://www.iso.org/standard/73642.html



            408
   411   412   413   414   415   416   417   418   419   420   421