This Recommendation | International Standard gives guidelines for information security controls applicable to the
provision and use of cloud services by providing:
– additional implementation guidance for relevant controls specified in ISO/IEC 27002;
– additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service
providers and cloud service customers.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This document provides terms and definitions for vocabulary used in the field of cloud computing.

  • Standard
    15 pages
    English language
    sale 15% off
  • Draft
    14 pages
    English language
    sale 15% off

This document presents a model for cloud records management and outlines the risks and issues that are considered by records managers before adopting cloud services for records management. The model for cloud records management includes a stakeholder model, processes, metadata, architecture, and use cases. Risks and issues are classified into those originating from cloud services internally and those originating from cloud services externally. Internal risks are associated with cloud services, systems and stakeholders. External risks and issues can occur in the social and legal context in which cloud services operate.
The target audience of this document includes:  
— records, information, knowledge, and governance professionals;  
— cloud service architects;  
— archivists using cloud services for managing records;  
— developers of cloud-deployed records management software;  
— ICT staff; and  
— providers of cloud-based records management services.

  • Technical report
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical report
    24 pages
    English language
    sale 15% off
  • Draft
    24 pages
    English language
    sale 15% off

This document — extends the existing cloud computing vocabulary and reference architecture in ISO/IEC 17788 and ISO/IEC 17789 to describe an ecosystem involving devices using cloud services, — describes the various types of data flowing within the devices and cloud computing ecosystem, — describes the impact of connected devices on the data that flow within the cloud computing ecosystem, — describes flows of data between cloud services, cloud service customers and cloud service users, — provides foundational concepts, including a data taxonomy, and — identifies the categories of data that flow across the cloud service customer devices and cloud services. This document is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organisation involved in legal, policy, technical or other implications of data flows between devices and cloud services.

  • Standard
    65 pages
    English language
    sale 15% off
  • Draft
    65 pages
    English language
    sale 15% off

The scope of this document is to describe guidance for using the ISO/IEC 19086-2 metric model, illustrated with examples.

  • Technical report
    34 pages
    English language
    sale 15% off
  • Draft
    34 pages
    English language
    sale 15% off

This document establishes commonly accepted control objectives, controls and guidelines for
implementing measures to protect Personally Identifiable Information (PII) in line with the privacy
principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration
the regulatory requirements for the protection of PII which can be applicable within the context of the
information security risk environment(s) of a provider of public cloud services.
This document is applicable to all types and sizes of organizations, including public and private
companies, government entities and not-for-profit organizations, which provide information processing
services as PII processors via cloud computing under contract to other organizations.
The guidelines in this document can also be relevant to organizations acting as PII controllers. However,
PII controllers can be subject to additional PII protection legislation, regulations and obligations, not
applying to PII processors. This document is not intended to cover such additional obligations.

  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day

This document provides an overview of and guidance on interactions between cloud service partners (CSNs), specifically cloud service brokers, cloud service developers and cloud auditors, and other cloud service roles. In addition, this document describes how cloud service agreements (CSAs) and cloud service level agreements (cloud SLAs) can be used to address those interactions, including the following: — definition of terms and concepts, and provision of an overview for interactions between CSNs and CSCs and CSPs; — description of types of CSN interactions; — description of interactions between CSNs and CSCs; — description of interactions between CSNs and CSPs; — description of elements of CSAs and Cloud SLAs for CSN interactions, both with CSPs and with CSCs.

  • Technical report
    34 pages
    English language
    sale 15% off
  • Technical report
    34 pages
    English language
    sale 15% off

This document describes a sample set of cloud service metering elements and billing modes.

  • Technical report
    7 pages
    English language
    sale 15% off

This document provides a description of a set of common technologies and techniques used in conjunction with cloud computing. These include: — virtual machines (VMs) and hypervisors; — containers and container management systems (CMSs); — serverless computing; — microservices architecture; — automation; — platform as a service systems and architecture; — storage services; — security, scalability and networking as applied to the above cloud computing technologies.

  • Technical specification
    54 pages
    English language
    sale 15% off

This document examines the concept of edge computing, its relationship to cloud computing and IoT, and the technologies that are key to the implementation of edge computing. This document explores the following topics with respect to edge computing: — concept of edge computing systems; — architectural foundation of edge computing; — edge computing terminology; — software classifications in edge computing, e.g. firmware, services, applications; — supporting technologies, e.g. containers, serverless computing, microservices; — networking for edge systems, including virtual networks; — data, e.g. data flow, data storage, data processing; — management, of software, of data and of networks, resources, quality of service; — virtual placement of software and data, and metadata; — security and privacy; — real time; — mobile edge computing, mobile devices.

  • Technical report
    44 pages
    English language
    sale 15% off

This document: — describes a framework for the structured expression of data-related policies and practices in the cloud computing environment, based on the data taxonomy in ISO/IEC 19944; — provides guidelines on application of the taxonomy for handling of data based on data subcategory and classification; — covers expression of data-related policies and practices including, but not limited to data geolocation, cross border flow of data, data access and data portability, data use, data management, and data governance; — describes how the framework can be used in codes of conduct for practices regarding data at rest and in transit, including cross border data transfer, as well as remote access to data; — provides use cases for data handling challenges, i.e. control, access and location of data according to ISO/IEC 19944 data categories. This document is applicable primarily to cloud service providers, cloud service customers (CSCs) and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of taxonomy-based data management in cloud services.

  • Standard
    37 pages
    English language
    sale 15% off

This document specifies a framework for a distributed real-time Access system. It includes: 1) an ID triggered modular system architecture, the functions of the modules, the semantics of messages those modules exchange, and elements of messages; 2) the system behaviour from the time it receives an access request until the time it sends the result along with the sequence; 3) performance measurement mechanisms using a time stamping function that can be employed for the evaluation of the system.

  • Standard
    27 pages
    English language
    sale 15% off

This document specifies security and protection of personally identifiable information components, SLOs and SQOs for cloud service level agreements (cloud SLA) including requirements and guidance. This document is for the benefit and use of both CSPs and CSCs.

  • Standard
    20 pages
    English language
    sale 15% off

This document provides guidance on the use of international standards as a tool in the development of those policies that govern or regulate cloud service providers (CSPs) and cloud services, and those policies and practices that govern the use of cloud services in organisations. This includes material that explains cloud computing concepts and the role of cloud computing international standards in formulating policies and practices. The document makes references to various international standards. Where possible, these standards are ISO/IEC standards. Where a suitable ISO/IEC standard is not available, references are made to documents published by other WTO-registered standards bodies. As explained in the WTO Agreement on Technical Barriers to Trade (TBT), standards play a vital role in supporting technical regulations and conformity assessment, however this document does not cover matters of trade.

  • Technical report
    34 pages
    English language
    sale 15% off

This document describes a framework of trust for the processing of multi-sourced data that includes data use obligations and controls, data provenance, chain of custody, security and immutable proof of compliance as elements of the framework.

  • Technical report
    15 pages
    English language
    sale 15% off

This document establishes common terminology, defines a model for specifying metrics for cloud SLAs, and includes applications of the model with examples. This document establishes a common terminology and approach for specifying metrics. This document is for the benefit of and use for both cloud service providers (CSPs) and cloud service customers (CSCs). This document is intended to complement ISO/IEC 19086-1, ISO/IEC 19086-3 and ISO/IEC 19086-4. This document does not mandate the use of a specific set of metrics for cloud SLAs.

  • Standard
    39 pages
    English language
    sale 15% off

IEC PAS 63178:2018(E) provides the requirements of all relevant manufacturing resources integrated to the cloud manufacturing service platform, including integration of hard manufacturing resources, soft manufacturing resources and manufacturing capabilities.
This document is used for the integration of the relevant resources to the smart manufacturing service platform.

  • Technical specification
    17 pages
    English language
    sale 15% off

ISO/IEC 19941:2017 specifies cloud computing interoperability and portability types, the relationship and interactions between these two cross-cutting aspects of cloud computing and common terminology and concepts used to discuss interoperability and portability, particularly relating to cloud services. ISO/IEC 19941:2017 is related to other standards, namely, ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086‑1, ISO/IEC 19944, and in particular, references the cross-cutting aspects and components identified in ISO/IEC 17788 and ISO/IEC 17789 respectively. The goal of this document is to ensure that all parties involved in cloud computing, particularly CSCs, CSPs and cloud service partners (CSNs) acting as cloud service developers, have a common understanding of interoperability and portability for their specific needs. This common understanding helps to achieve interoperability and portability in cloud computing by establishing common terminology and concepts.

  • Standard
    65 pages
    English language
    sale 15% off

ISO/IEC 19944:2017 - extends the existing cloud computing vocabulary and reference architecture in ISO/IEC 17788 and ISO/IEC 17789 to describe an ecosystem involving devices using cloud services, - describes the various types of data flowing within the devices and cloud computing ecosystem, - describes the impact of connected devices on the data that flow within the cloud computing ecosystem, - describes flows of data between cloud services, cloud service customers and cloud service users, - provides foundational concepts, including a data taxonomy, and - identifies the categories of data that flow across the cloud service customer devices and cloud services. ISO/IEC 19944:2017 is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of data flows between devices and cloud services.

  • Standard
    42 pages
    English language
    sale 15% off

ISO/IEC 19086-3:2017 specifies the core conformance requirements for service level agreements (SLAs) for cloud services based on ISO/IEC 19086‑1 and guidance on the core conformance requirements. This document is for the benefit of and use by both cloud service providers and cloud service customers. ISO/IEC 19086-3:2017 does not provide a standard structure that would be used for cloud SLAs.

  • Standard
    15 pages
    English language
    sale 15% off

ISO/IEC 19086-1:2016 seeks to establish a set of common cloud SLA building blocks (concepts, terms, definitions, contexts) that can be used to create cloud Service Level Agreements (SLAs). This document specifies a) an overview of cloud SLAs, b) identification of the relationship between the cloud service agreement and the cloud SLA, c) concepts that can be used to build cloud SLAs, and d) terms commonly used in cloud SLAs. ISO/IEC 19086-1:2016 is for the benefit and use of both cloud service providers and cloud service customers. The aim is to avoid confusion and facilitate a common understanding between cloud service providers and cloud service customers. Cloud service agreements and their associated cloud SLAs vary between cloud service providers, and in some cases different cloud service customers can negotiate different contract terms with the same cloud service provider for the same cloud service. This document aims to assist cloud service customers when they compare cloud services from different cloud service providers. ISO/IEC 19086-1:2016 does not provide a standard structure that can be used for a cloud SLA or a standard set of cloud service level objectives (SLOs) and cloud service qualitative objectives (SQOs) that will apply to all cloud services or all cloud service providers. This approach provides flexibility for cloud service providers in tailoring their cloud SLAs to the particular characteristics of the offered cloud services. ISO/IEC 19086-1:2016 does not supersede any legal requirement.

  • Standard
    34 pages
    English language
    sale 15% off
  • Standard
    34 pages
    English language
    sale 15% off

This CDMI International Standard is intended for application developers who are implementing or using cloud storage. It documents how to access cloud storage and to manage the data stored there.

  • Standard
    259 pages
    English language
    sale 15% off

ISO/IEC 18384-3:2016 defines a formal ontology for service-oriented architecture (SOA), an architectural style that supports service orientation. The terms defined in this ontology are key terms from the vocabulary in ISO/IEC 18384-1.

  • Standard
    74 pages
    English language
    sale 15% off
  • Standard
    74 pages
    English language
    sale 15% off

ISO/IEC 18384-2:2016 describes a Reference Architecture for SOA Solutions which applies to functional design, performance, development, deployment and management of SOA Solutions. It includes a domain-independent framework, addressing functional requirements and non-functional requirements, as well as capabilities and best practices to support those requirements.

  • Standard
    191 pages
    English language
    sale 15% off
  • Standard
    191 pages
    English language
    sale 15% off

ISO/IEC 18384-1:2016 establishes vocabulary, guidelines, and general technical principles underlying service oriented architecture (SOA), including principles relating to functional design, performance, development, deployment, and management.

  • Standard
    51 pages
    English language
    sale 15% off

ISO/IEC 17789:2014 specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships.

  • Standard
    53 pages
    English language
    sale 15% off

ISO/IEC TR 30102:2012 describes the general technical principles underlying Service Oriented Architecture (SOA), including principles relating to functional design, performance, development, deployment and management. It provides a vocabulary containing definitions of terms relevant to SOA. It includes a domain-independent technical framework, addressing functional requirements and non-functional requirements.

  • Technical report
    73 pages
    English language
    sale 15% off

ISO/IEC 20933:2016 specifies: 1) an ID triggered modular access system, the functions of the modules and the messages they exchange, and the sequence of messages, i.e. transitions of the transaction; 2) the system responsibility from receiving an access request until sending the result. i.e. a complete transaction; 3) the responsibilities of the modules, including time stamping and responding to the requests they received; and 4) the sequence and semantics of the messages and their elements.

  • Standard
    14 pages
    English language
    sale 15% off
  • Standard
    14 pages
    English language
    sale 15% off

ISO/IEC 17826:2012 specifies the interface to access cloud storage and to manage the data stored therein. It is applicable to developers who are implementing or using cloud storage.

  • Standard
    224 pages
    English language
    sale 15% off