Information technology — Cloud computing — Part 1: Vocabulary

This document defines terms used in the field of cloud computing.

Technologies de l'information — Informatique en nuage — Partie 1: Vocabulaire

General Information

Status
Published
Publication Date
09-Feb-2023
Current Stage
6060 - International Standard published
Start Date
10-Feb-2023
Due Date
15-Mar-2024
Completion Date
10-Feb-2023
Ref Project

Relations

Buy Standard

Standard
ISO/IEC 22123-1:2023 - Information technology — Cloud computing — Part 1: Vocabulary Released:2/10/2023
English language
18 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
REDLINE ISO/IEC FDIS 22123-1 - Information technology — Cloud computing — Part 1: Vocabulary Released:28. 10. 2022
English language
18 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/IEC FDIS 22123-1 - Information technology — Cloud computing — Part 1: Vocabulary Released:28. 10. 2022
English language
18 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 22123-1
Second edition
2023-02
Information technology — Cloud
computing —
Part 1:
Vocabulary
Technologies de l'information — Informatique en nuage —
Partie 1: Vocabulaire
Reference number
ISO/IEC 22123-1:2023(E)
© ISO/IEC 2023

---------------------- Page: 1 ----------------------
ISO/IEC 22123-1:2023(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 22123-1:2023(E)
Contents Page
Foreword .iv
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms related to cloud computing foundation . 1
3.2 Terms related to cloud deployment models. 2
3.3 Terms related to cloud computing roles and activities . 3
3.4 Terms related to key cloud computing characteristics . 4
3.5 Terms related to cloud capabilities types and cloud service categories . 5
3.6 Terms related to interoperability . 6
3.7 Terms related to cloud service agreements. 7
3.8 Terms related to cloud portability . 8
3.9 Terms related to cloud data . 9
3.10 Terms related to security and privacy .12
3.11 Terms related to inter-cloud . .12
3.12 Terms related to virtualization .12
3.13 Miscellaneous terms .13
3.14 Terms relating to multiplicity and organization of cloud services . 15
Bibliography .16
Index .17
iii
© ISO/IEC 2023 – All rights reserved

---------------------- Page: 3 ----------------------
ISO/IEC 22123-1:2023(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 38, Cloud Computing and Distributed Platforms.
This second edition of ISO/IEC 22123-1 cancels and replaces ISO/IEC 17788:2014 and
ISO/IEC 22123-1:2021, which have been technically revised.
The main changes are as follows:
— the definition for hybrid cloud was changed;
— definitions for CSC role, CSP role, and CSN role were added;
— the definitions for CSC, CSP, and CSN were revised to leverage CSC role, CSP role, and CSN role,
respectively;
— the ISO/IEC 27000 definitions for confidentiality, integrity, and information security were removed;
— the definition of inter-cloud computing was changed;
— terms relating to multi-cloud were added;
— peer cloud service and peer cloud service provider were replaced with secondary cloud service and
secondary cloud service provider, respectively; and
— terms relating to multiplicity and organization of cloud services were added into a new subclause.
A list of all parts in the ISO/IEC 22123 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
iv
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 4 ----------------------
INTERNATIONAL STANDARD ISO/IEC 22123-1:2023(E)
Information technology — Cloud computing —
Part 1:
Vocabulary
1 Scope
This document defines terms used in the field of cloud computing.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1 Terms related to cloud computing foundation
3.1.1
cloud computing
paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual
resources with self-service provisioning and administration on-demand
Note 1 to entry: Examples of resources include servers, operating systems, networks, software, applications, and
storage equipment.
Note 2 to entry: Self-service provisioning refers to the provisioning of resources provided to cloud services (3.1.2)
performed by cloud service customers (3.3.2) through automated means.
3.1.2
cloud service
one or more capabilities offered via cloud computing (3.1.1) invoked using a defined interface
3.1.3
cloud solution
cloud services (3.1.2) combined and controlled to meet cloud service customer (3.3.2) requirements
Note 1 to entry: A cloud solution can use any combination of cloud deployment models (3.2.1).
1
© ISO/IEC 2023 – All rights reserved

---------------------- Page: 5 ----------------------
ISO/IEC 22123-1:2023(E)
3.2 Terms related to cloud deployment models
3.2.1
cloud deployment model
way in which cloud computing (3.1.1) can be organized based on the control and sharing of physical or
virtual resources
Note 1 to entry: Examples of cloud deployment models include community cloud (3.2.1), hybrid cloud (3.2.3), private
cloud (3.2.4) and public cloud (3.2.5).
3.2.2
community cloud
cloud deployment model (3.2.1) where cloud services (3.1.2) exclusively support and are shared by a
specific collection of cloud service customers (3.3.2) who have shared requirements and a relationship
with one another, and where resources are controlled by at least one member of this collection
3.2.3
hybrid cloud
cloud deployment model (3.2.1) that uses a private cloud (3.2.4) and a public cloud (3.2.5)
3.2.4
private cloud
cloud deployment model (3.2.1) where cloud services (3.1.2) are used exclusively by a single cloud service
customer (3.3.2) and resources are controlled by that cloud service customer (3.3.2)
3.2.5
public cloud
cloud deployment model (3.2.1) where cloud services (3.1.2) are potentially available to any cloud service
customer (3.3.2) and resources are controlled by the cloud service provider (3.3.3)
3.2.6
multi-cloud
multicloud
cloud deployment model (3.2.1) in which a cloud service customer (3.3.2) uses public cloud services (3.1.2)
provided by two or more cloud service providers (3.3.3)
Note 1 to entry: The cloud service customer (3.3.2) is responsible for integration and management of these cloud
services (3.1.2) to form a cloud solution (3.1.3).
3.2.7
cloud service federation
two or more cloud service providers (3.3.3) bound together by an agreed set of policies, processes and
trust in order to provide cloud services (3.1.2)
3.2.8
federated cloud
cloud deployment model (3.2.1) in which the cloud services (3.1.2) are provided by members of a cloud
service federation (3.2.7)
3.2.9
hybrid multi-cloud
cloud deployment model (3.2.1) in which a cloud service customer (3.3.2) uses cloud services (3.1.2) from
a hybrid cloud (3.2.3) and a multi-cloud (3.2.6)
2
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC 22123-1:2023(E)
3.2.10
inter-cloud
intercloud
cloud deployment model (3.2.1) in which a cloud service provider (3.3.3) offers a cloud service (3.1.2) by
using one or more cloud services (3.1.2) provide by other cloud service providers (3.3.3)
Note 1 to entry: The primary cloud service provider (3.11.2) provides the cloud service typically via intermediation,
aggregation, or arbitrage of the cloud services provided by secondary cloud service providers (3.11.4).
3.3 Terms related to cloud computing roles and activities
3.3.1
party
natural person, legal person or a group of either, whether or not incorporated, that can assume one or
more roles (3.3.10)
3.3.2
cloud service customer
CSC
party (3.3.1) that is acting in a cloud service customer role (3.3.14)
3.3.3
cloud service provider
CSP
party (3.3.1) that is acting in a cloud service provider role (3.3.15)
3.3.4
cloud service user
CSU
natural person, or entity acting on their behalf, associated with a cloud service customer (3.3.2) that
uses cloud services (3.1.2)
Note 1 to entry: Examples of such entities include devices (3.13.4) and applications.
3.3.5
cloud service partner
CSN
party (3.3.1) that is acting in a cloud service partner role (3.3.16)
3.3.6
cloud auditor
cloud service partner (3.3.5) with the responsibility to conduct an audit (3.13.10) of the provision and
use of cloud services (3.1.2)
3.3.7
cloud service broker
cloud service partner (3.3.5) that negotiates relationships between cloud service customers (3.3.2) and
cloud service providers (3.3.3)
3.3.8
activity
specified pursuit or set of tasks
3.3.9
functional component
functional building block needed to engage in an activity (3.3.8), backed by an implementation
3.3.10
role
set of activities (3.3.8) that serves a common purpose
3
© ISO/IEC 2023 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 22123-1:2023(E)
3.3.11
sub-role
subset of the activities (3.3.8) of a given role (3.3.10)
3.3.12
device platform cloud service
cloud service (3.1.2) offered by the device platform provider (3.13.13) to support the device platform
(3.13.5)
Note 1 to entry: An application marketplace (3.13.6) can be an example of device platform (3.13.5) cloud service
(3.1.2).
3.3.13
cloud service developer
cloud service partner (3.3.5) with the responsibility for designing, developing, testing and maintaining
the implementation of a cloud service (3.1.2)
3.3.14
cloud service customer role
CSC role
set of activities (3.3.8) for the purpose of using cloud services (3.1.2)
3.3.15
cloud service provider role
CSP role
set of activities (3.3.8) that make cloud services (3.1.2) available
3.3.16
cloud service partner role
CSN role
set of activities (3.3.8) that support, or are auxiliary to, either the cloud service provider role (3.3.15) or
the cloud service customer role (3.3.14), or both
3.4 Terms related to key cloud computing characteristics
3.4.1
measured service
metered delivery of cloud services (3.1.2) such that usage can be monitored, controlled, reported and
billed
3.4.2
tenant
one or more cloud service users (3.3.4) sharing access to a set of physical and virtual resources
3.4.3
multi-tenancy
allocation of physical or virtual resources such that multiple tenants (3.4.2) and their computations and
data are isolated from and inaccessible to one another
3.4.4
on-demand self-service
feature where a cloud service customer (3.3.2) can provision computing capabilities, as needed,
automatically or with minimal interaction with the cloud service provider (3.3.3)
3.4.5
resource pooling
aggregation of a cloud service provider’s (3.3.3) physical or virtual resources to serve one or more cloud
service customers (3.3.2)
4
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC 22123-1:2023(E)
3.5 Terms related to cloud capabilities types and cloud service categories
3.5.1
cloud capabilities type
classification of the functionality provided by a cloud service (3.1.2) to the cloud service customer (3.3.2),
based on resources used
Note 1 to entry: The cloud capabilities types are application capabilities type (3.5.2), infrastructure capabilities
type (3.5.3) and platform capabilities type (3.5.4).
3.5.2
application capabilities type
cloud capabilities type (3.5.1) in which the cloud service customer (3.3.2) can use the cloud service
provider’s (3.3.3) applications
3.5.3
infrastructure capabilities type
cloud capabilities type (3.5.1) in which the cloud service customer (3.3.2) can provision and use
processing, storage or networking resources
3.5.4
platform capabilities type
cloud capabilities type (3.5.1) in which the cloud service customer (3.3.2) can deploy, manage and run
customer-created or customer-acquired applications using one or more programming languages and
one or more execution environments supported by the cloud service provider (3.3.3)
3.5.5
cloud service category
group of cloud services (3.1.2) that possess some common set of qualities
Note 1 to entry: A cloud service category can include capabilities from one or more cloud capabilities types (3.5.1).
3.5.6
communications as a service
CaaS
cloud service category (3.5.5) in which the capability provided to the cloud service customer (3.3.2) is
real time interaction and collaboration
Note 1 to entry: CaaS can provide both application capabilities type (3.5.2) and platform capabilities type (3.5.4).
3.5.7
compute as a service
CompaaS
cloud service category (3.5.5) in which the capabilities provided to the cloud service customer (3.3.2) are
the provision and use of processing resources needed to deploy and run software
Note 1 to entry: To run some software, capabilities other than processing resources are potentially needed.
3.5.8
data storage as a service
DSaaS
cloud service category (3.5.5) in which the capability provided to the cloud service customer (3.3.2) is the
provision and use of data storage and related capabilities
Note 1 to entry: DSaaS can provide any of the three cloud capabilities types (3.5.1).
5
© ISO/IEC 2023 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 22123-1:2023(E)
3.5.9
infrastructure as a service
IaaS
cloud service category (3.5.5) in which the cloud capabilities type (3.5.1) provided to the cloud service
customer (3.3.2) is an infrastructure capabilities type (3.5.3)
Note 1 to entry: The cloud service customer (3.3.2) does not manage or control the underlying physical and
virtual resources, but does have control over operating systems, storage, and deployed applications that use the
physical and virtual resources. The cloud service customer (3.3.2) can also have limited ability to control certain
networking components (e.g., host firewalls).
3.5.10
network as a service
NaaS
cloud service category (3.5.5) in which the capability provided to the cloud service customer (3.3.2) is
transport connectivity and related network capabilities
Note 1 to entry: Network as a service can provide any of the three cloud capabilities types (3.5.1).
3.5.11
platform as a service
PaaS
cloud service category (3.5.5) in which the cloud capabilities type (3.5.1) provided to the cloud service
customer (3.3.2) is a platform capabilities type (3.5.4)
3.5.12
software as a service
SaaS
cloud service category (3.5.5) in which the cloud capabilities type (3.5.1) provided to the cloud service
customer (3.3.2) is an application capabilities type (3.5.2)
3.6 Terms related to interoperability
3.6.1
interoperability
ability of two or more systems or applications to exchange information and to mutually use the
information that has been exchanged
3.6.2
cloud interoperability
ability of a cloud service customer’s (3.3.2) system to interact with a cloud service (3.1.2), or the ability
for one cloud service (3.1.2) to interact with other cloud services (3.1.2), by exchanging information
according to a prescribed method to obtain predictable results
3.6.3
transport interoperability
interoperability (3.6.1) where information exchange uses an established communication infrastructure
between the participating systems
3.6.4
syntactic interoperability
interoperability (3.6.1) such that the formats of the exchanged information can be understood by the
participating systems
3.6.5
semantic data interoperability
interoperability (3.6.1) so that the meaning of the data model within the context of a subject area is
understood by the participating systems
6
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/IEC 22123-1:2023(E)
3.6.6
behavioural interoperability
interoperability (3.6.1) so that the actual result of the exchange achieves the expected outcome
3.6.7
policy interoperability
interoperability (3.6.1) while complying with the legal, organizational, and policy frameworks applicable
to the participating systems
3.7 Terms related to cloud service agreements
3.7.1
service level agreement
SLA
documented agreement between the service provider and customer that identifies services and service
targets
Note 1 to entry: A service level agreement can also be established between the service provider and a supplier, an
internal group or a customer acting as a supplier.
Note 2 to entry: A service level agreement can be included in a contract or another type of documented agreement.
3.7.2
cloud service product
cloud service (3.1.2), allied to the set of business terms under which the cloud service (3.1.2) is offered
Note 1 to entry: Business terms can include pricing, rating, and service levels.
3.7.3
product catalogue
listing of all the cloud service products (3.7.2) which cloud service providers (3.3.3) make available to
cloud service customers (3.3.2)
3.7.4
service catalogue
listing of all the cloud services (3.1.2) of a particular cloud service provider (3.3.3)
3.7.5
cloud service qualitative objective
cloud SQO
commitment a cloud service provider (3.3.3) makes for a specific, qualitative characteristic of a cloud
service (3.1.2), where the value follows the nominal scale or ordinal scale
Note 1 to entry: A cloud service qualitative objective can be expressed as an enumerated list.
Note 2 to entry: Qualitative characteristics typically require human interpretation.
Note 3 to entry: The ordinal scale allows for existence/nonexistence.
3.7.6
cloud service level agreement
cloud SLA
part of the cloud service agreement (3.7.8) that includes cloud service level objectives (3.7.7) and cloud
service qualitative objectives (3.7.5) for the covered cloud service(s) (3.1.2)
Note 1 to entry: A cloud service level agreement is a service level agreement (3.7.1) used in the context of cloud
computing (3.1.1).
7
© ISO/IEC 2023 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 22123-1:2023(E)
3.7.7
cloud service level objective
cloud SLO
commitment a cloud service provider (3.3.3) makes for a specific, quantitative characteristic of a cloud
service (3.1.2), where the value follows the interval scale or ratio scale
Note 1 to entry: A cloud service level objective commitment can be expressed as a range.
3.7.8
cloud service agreement
documented agreement between the cloud service provider (3.3.3) and cloud service customer (3.3.2)
that governs the covered cloud service(s) (3.1.2)
Note 1 to entry: A cloud service agreement can consist of one or more parts recorded in one or more documents.
3.7.9
metric
standard of measurement that defines the conditions and the rules for performing the measurement
and for understanding the results of a measurement
Note 1 to entry: A metric implements a particular abstract metric concept.
Note 2 to entry: A metric is to be applied in practice within a given context that requires specific properties to be
measured, at a given time(s) for a specific goal.
3.7.10
failure notification policy
policy specifying the processes by which the cloud service customer (3.3.2) and cloud service partner
(3.3.5) can notify the cloud service provider (3.3.3) of a service outage and by which the cloud service
provider (3.3.3) can notify the cloud service customer (3.3.2) and cloud service partner (3.3.5) that a
service outage has occurred
Note 1 to entry: The policy can also include the process for providing updates on service outages, who receives
notifications and updates, the maximum time between the detection of a service outage and the issuance of a
notice of service outage, the maximum time interval between service outage updates and how service outage
updates are described.
3.7.11
remedy
compensation available to the cloud service customer (3.3.2) in the event the cloud service provider
(3.3.3) fails to meet a specified cloud service level objective (3.7.7)
Note 1 to entry: This definition of the term in English is based on the "legal reparation" meaning defined in The
Shorter Oxford English Dictionary.
3.8 Terms related to cloud portability
3.8.1
cloud application portability
ability to migrate an application from one cloud service (3.1.2) to another cloud service (3.1.2)
3.8.2
data portability
ability to easily transfer data from one system to another without being required to re-enter data
Note 1 to entry: It is the ease of moving the data that is the essence here. This can be achieved by the source
system supplying the data in exactly the format that is accepted by the target system. But even if the formats
do not match, the transformation between them can be simple and straightforward to achieve with commonly
available tools. On the other hand, a process of printing out the data and rekeying it for the target system cannot
be described as "easy."
8
  © ISO/IEC 2023 – All rights reserved

---------------------- Page: 12 ----------------------
ISO/IEC 22123-1:2023(E)
3.8.3
cloud data portability
data portability (3.8.2) from one cloud service (3.1.2) to another cloud service (3.1.2)
3.8.4
data syntactic portability
data portability (3.8.2) using data formats that can be decoded on the target
3.8.5
data semantic portability
data portability (3.8.2) such that the meaning of the data model is understood within the context of a
subject area by the target
3.8.6
data policy portability
data portability (3.8.2) while complying with the legal, organizational and policy frameworks applicable
to both the source and target
3.8.7
application portability
ability to migrate an application from a source system to a target system
3.8.8
application syntactic portability
application portability (3.8.7) where the format of the application artefacts can be decoded on the target
3.8.9
application instruction portability
application portability (3.8.7) so that the application's instruction set executes on the target
3.8.10
application metadata portability
application portability (3.8.7) so that the application's metadata is retained and understood on the
target
3.8.11
application behaviour portability
application portability (3.8.7) so that execution on the target produces equivalent results to those
produced on the source
3.8.12
application policy portability
application portability (3.8.7) while complying with the legal, organizational and policy frameworks
applicable to the source and target
3.9 Terms related to cloud data
3.9.1
cloud service customer data
class of data objects under the control, by legal or other reasons, of the cloud service customer (3.3.2)
that were input to the cloud service (3.1.2), or resulted from exercising the capabilities of the cloud
service (3.1.2) by or on behalf of the cloud service customer (3.3.2) via the published interface of the
cloud service (3.1.2)
Note 1 to entry: An example of legal controls is copyright.
9
© ISO/IEC 2023 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC 22123-1:2023(E)
Note 2 to entry: It can be that the cloud service (3.1.2) contains or operates on data that is not cloud service
customer data; this can be data made available by the cloud service providers (3.3.3), or obtained from another
source, or it can be publicly available data. However, any output data produced by the actions of the cloud service
customer (3.3.2) using the capabilities of the cloud service (3.1.2) on this data is likely to be cloud service customer
data, following the general principles of copyright, unless there are specific provisions in the cloud service
agreement (3.7.8) to the contrary.
3.9.2
cloud service derived data
class of data objects under cloud service provider (3.3.3) control that are derived as a result of interaction
with the cloud service (3.1.2) by the cloud service customer (3.3.2)
Note 1 to entry: Cloud service derived data includes log data containing records of who used the service, at what
times, which functions, types of data involved and so on. It can also include information about the numbers of
authorized users and their identities. It can also include any configuration or customization data, where the cloud
service (3.1.2) has such configuration and customization capabilities.
3.9.3
cloud service provider data
class of data objects, specific to the operation of the cloud service (3.1.2), under the control of the cloud
service provider (3.3.3)
Note 1 to entry: Cloud service provider data includes but is not limited to resource configuration and utilization
information, cloud service (3.1.2) specific virtual machine (3.12.2), storage and network resource allocations,
overall data centre configuration and utilization, physical and virtual resource failure rates, operational costs
and so on.
3.9.4
account data
class of data specific to each cloud service customer (3.3.2) that is required to administer the cloud
service (3.1.2)
Note 1 to entry: Account data is typically generated when a cl
...

ISO/IEC FDIS 22123-1:2022(E)
Date: 2022-09-27
ISO/IEC JTC 1/SC 38/WG 3
Secretariat: ANSI
Date: 2022-10-28
Information technology — Cloud computing — —
Part 1:
Vocabulary
Technologies de l'information — Informatique en nuage —
Partie 1: Vocabulaire
FDIS stage

---------------------- Page: 1 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
© ISO/IEC 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical,
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can
be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
Fax: +41 22 749 09 47
EmailE-mail: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
ii © ISO/IEC 2022 – All rights reserved
 © ISO/IEC 2022 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
Contents
Foreword . iv
Part 1: Vocabulary . 1
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms related to cloud computing foundation . 1
3.2 Terms related to cloud deployment models . 1
3.3 Terms related to cloud computing roles and activities . 3
3.4 Terms related to key cloud computing characteristics . 4
3.5 Terms related to cloud capabilities types and cloud service categories . 5
3.6 Terms related to interoperability . 6
3.7 Terms related to cloud service agreements . 7
3.8 Terms related to cloud portability . 9
3.9 Terms related to cloud data . 10
3.10 Terms related to security and privacy . 12
3.11 Terms related to inter-cloud . 12
3.12 Terms related to virtualization . 13
3.13 Miscellaneous terms . 13
3.14 Terms relating to multiplicity and organization of cloud services . 15
Bibliography . 17
Index . 18

© ISO/IEC 2022 – All rights reserved iii
© ISO/IEC 2022 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of document should be noted. This document was drafted in accordance with the editorial
rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Field Code Changed
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details
of any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent
declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
Field Code Changed
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 38, Cloud Computing and Distributed Platforms.
The main changes are as follows:
— — the definition for hybrid cloud was changed;
— — definitions for CSC role, CSP role, and CSN role were added;
— — the definitions for CSC, CSP, and CSN were revised to leverage CSC role, CSP role, and CSN role,
respectively;
— — the ISO/IEC 27000 definitions for confidentiality, integrity, and information security were
removed;
— — the definition of inter-cloud computing was changed;
— — terms relating to multi-cloud were added;
— — peer cloud service and peer cloud service provider were replaced with secondary cloud service
and secondary cloud service provider, respectively; and
— — terms relating to multiplicity and organization of cloud services were added into a new sub-
clausesubclause.
A list of all parts in the ISO/IEC 22123 series can be found on the ISO websiteand IEC websites.
iv
iv © ISO/IEC 2022 – All rights reserved
 © ISO/IEC 2022 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-
committees.
© ISO/IEC 2022 – All rights reserved v
© ISO/IEC 2022 – All rights reserved v

---------------------- Page: 5 ----------------------
FINAL DRAFT INTERNATIONAL STANDARD ISO/IEC FDIS 22123-1:2022(E)

Information technology — Cloud computing — —
Part 1:
Vocabulary
1 Scope
This document providesdefines terms and definitions for vocabulary used in the field of cloud computing.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
3.1 General
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— — ISO Online browsing platform: available at https://www.iso.org/obp
— — IEC Electropedia: available at https://www.electropedia.org/
3.23.1 Terms related to cloud computing foundation
3.21.1
cloud computing
paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual
resources with self-service provisioning and administration on-demand
Note 1 to entry: Examples of resources include servers, operating systems, networks, software, applications, and
storage equipment.
Note 2 to entry: Self-service provisioning refers to the provisioning of resources provided to cloud services
(3.1.2(3.2.2)) performed by cloud service customers (3.3.2(3.4.2)) through automated means.
3.21.2
cloud service
one or more capabilities offered via cloud computing (3.1.1(3.2.1)) invoked using a defined interface
3.21.3
cloud solution
cloud services (3.1.2(3.2.2)) combined and controlled to meet cloud service customer (3.3.2(3.4.2))
requirements
Note 1 to entry: A cloud solution can use any combination of cloud deployment models (3.2.1(3.3.1).).
3.33.2 Terms related to cloud deployment models
3.32.1
cloud deployment model
way in which cloud computing (3.1.1(3.2.1)) can be organized based on the control and sharing of physical
or virtual resources
© ISO/IEC 2022 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
Note 1 to entry: Examples of cloud deployment models include community cloud (3.2.1(3.3.2),), hybrid cloud
(3.2.3(3.3.3),), private cloud (3.2.4(3.3.4)) and public cloud (3.2.5(3.3.5).).
3.32.2
community cloud
cloud deployment model (3.2.1(3.3.1)) where cloud services (3.1.2(3.2.2)) exclusively support and are
shared by a specific collection of cloud service customers (3.3.2(3.4.2)) who have shared requirements
and a relationship with one another, and where resources are controlled by at least one member of this
collection
3.32.3
hybrid cloud
cloud deployment model (3.2.1(3.3.1)) that uses a private cloud (3.2.4(3.3.4)) and a public cloud
(3.2.5(3.3.5))
3.3.4
3.2.4
private cloud
cloud deployment model (3.2.1(3.3.1)) where cloud services (3.1.2(3.2.2)) are used exclusively by a single
cloud service customer (3.3.2(3.4.2)) and resources are controlled by that cloud service customer
(3.3.2(3.4.2))
3.32.5
public cloud
cloud deployment model (3.2.1(3.3.1)) where cloud services (3.1.2(3.2.2)) are potentially available to any
cloud service customer (3.3.2(3.4.2)) and resources are controlled by the cloud service provider
(3.3.3(3.4.3))
3.32.6
multi-cloud
multicloud
cloud deployment model (3.2.1(3.3.1)) in which a cloud service customer (3.3.2(3.4.2)) uses public
cloudservices (3.1.2cloud services (3.2.2)) provided by two or more cloud service providers (3.3.3(3.4.3))
Note 1 to entry: The cloud service customer (3.3.2(3.4.2)) is responsible for integration and management of these
cloud services (3.1.2(3.2.2)) to form a cloud solution (3.1.3(3.2.3).).
3.32.7
cloud service federation
two or more cloud service providers (3.3.3(3.4.3)) bound together by an agreed set of policies, processes
and trust in order to provide cloud services (3.1.2(3.2.2))
3.32.8
federated cloud
cloud deployment model (3.2.1(3.3.1)) in which the cloud services (3.1.2(3.2.2)) are provided by members
of a cloud service federation (3.2.7(3.3.7))
3.3.2.9
hybrid multi-cloud
cloud deployment model (3.2.1(3.3.1)) in which a cloud service customer (3.3.2(3.4.2)) uses cloud services
(3.1.2(3.2.2)) from a hybridcloud (3.2.3hybrid cloud (3.3.3)) and a multi-cloud (3.2.6(3.3.6) )
2
2 © ISO/IEC 2022 – All rights reserved
 © ISO/IEC 2022 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.3.62.10
inter-cloud
intercloud
cloud deployment model (3.2.1(3.3.1)) in which a cloud service provider (3.3.3(3.4.3)) offers a cloud service
(3.1.2(3.2.2)) by using one or more cloud services (3.1.2(3.2.2)) provide by other cloud service providers
(3.3.3(3.4.3))
3.43.3 Terms related to cloud computing roles and activities
3.43.1
party
natural person, legal person or a group of either, whether or not incorporated, that can assume one or
more roles (3.3.10(3.4.10))
3.43.2
cloud service customer
CSC
party (3.3.1(3.4.1)) that is acting in a cloud service customer role (3.3.14(3.4.14))
3.43.3
cloud service provider
CSP
party (3.3.1(3.4.1)) that is acting in a cloud service provider role (3.3.15(3.4.15))
3.3.4
3.4.4
cloud service user
CSU
natural person, or entity acting on their behalf, associated with a cloud service customer (3.3.2(3.4.2)) that
uses cloud services (3.1.2(3.2.2))
Note 1 to entry: Examples of such entities include devices (3.13.4(3.14.4)) and applications.
3.43.5
cloud service partner
CSN
party (3.3.1(3.4.1)) that is acting in a cloud service partner role (3.3.16(3.4.16))
3.43.6
cloud auditor
cloud service partner (3.3.5(3.4.5)) with the responsibility to conduct an audit (3.13.10(3.14.10)) of the
provision and use of cloud services (3.1.2(3.2.2))
3.43.7
cloud service broker
cloud service partner (3.3.5(3.4.5)) that negotiates relationships between cloud service customers
(3.3.2(3.4.2)) and cloud service providers (3.3.3(3.4.3))
3.43.8
activity
specified pursuit or set of tasks
3.43.9
functional component
functional building block needed to engage in an activity (3.3.8(3.4.8),), backed by an implementation
© ISO/IEC 2022 – All rights reserved 3
© ISO/IEC 2022 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.43.10
role
set of activities (3.3.8(3.4.8)) that serves a common purpose
3.43.11
sub-role
subset of the activities (3.3.8(3.4.8)) of a given role (3.3.10(3.4.10))
3.43.12
device platform cloud service
cloud service (3.1.2(3.2.2)) offered by the device platform provider (3.13.13(3.14.13)) to support the
device platform (3.13.5(3.14.5))
Note 1 to entry: An application marketplace (3.13.6(3.14.6)) can be an example of device platform (3.13.5(3.14.5)
)cloud service (3.1.2(3.2.2).).
3.43.13
cloud service developer
cloud service partner (3.3.5(3.4.5)) with the responsibility for designing, developing, testing and
maintaining the implementation of a cloud service (3.1.2(3.2.2))
3.43.14
cloud service customer role
CSC role
set of activities (3.3.8(3.4.8)) for the purpose of using cloud services (3.1.2(3.2.2))
3.43.15
cloud service provider role
CSP role
set of activities (3.3.8(3.4.8)) that make cloud services (3.1.2(3.2.2)) available
3.43.16
cloud service partner role
CSN role
set of activities (3.3.8(3.4.8)) that support, or are auxiliary to, either the cloud service provider role
(3.3.15(3.4.15)) or the cloud service customerrole (3.3.14customer role (3.4.14),), or both
3.53.4 Terms related to key cloud computing characteristics
3.54.1
measured service
metered delivery of cloud services (3.1.2(3.2.2)) such that usage can be monitored, controlled, reported
and billed
3.54.2
tenant
one or more cloud service users (3.3.4(3.4.4)) sharing access to a set of physical and virtual resources
3.54.3
multi-tenancy
allocation of physical or virtual resources such that multiple tenants (3.4.2(3.5.2)) and their computations
and data are isolated from and inaccessible to one another
3.54.4
on-demand self-service
feature where a cloud service customer (3.3.2(3.4.2)) can provision computing capabilities, as needed,
automatically or with minimal interaction with the cloud service provider (3.3.3(3.4.3))
4
4 © ISO/IEC 2022 – All rights reserved
 © ISO/IEC 2022 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.54.5
resource pooling
aggregation of a cloud service provider’s (3.3.3(3.4.3)) physical or virtual resources to serve one or more
cloud service customers (3.3.2(3.4.2))
3.63.5 Terms related to cloud capabilities types and cloud service categories
3.65.1
cloud capabilities type
classification of the functionality provided by a cloud service (3.1.2(3.2.2)) to the cloud service customer
(3.3.2(3.4.2),), based on resources used
Note 1 to entry: The cloud capabilities types are application capabilities type (3.5.2(3.6.2),), infrastructure
capabilities type (3.5.3(3.6.3)) and platform capabilities type (3.5.4(3.6.4).).
3.65.2
application capabilities type
cloud capabilities type (3.5.1(3.6.1)) in which the cloud service customer (3.3.2(3.4.2)) can use the cloud
service provider’s (3.3.3(3.4.3)) applications
3.65.3
infrastructure capabilities type
cloud capabilities type (3.5.1(3.6.1)) in which the cloud service customer (3.3.2(3.4.2)) can provision and
use processing, storage or networking resources
3.65.4
platform capabilities type
cloud capabilities type (3.5.1(3.6.1)) in which the cloud service customer (3.3.2(3.4.2)) can deploy, manage
and run customer-created or customer-acquired applications using one or more programming languages
and one or more execution environments supported by the cloud service provider (3.3.3(3.4.3))
3.5.5
3.6.5
cloud service category
group of cloud services (3.1.2(3.2.2)) that possess some common set of qualities
Note 1 to entry: A cloud service category can include capabilities from one or more cloud capabilities types
(3.5.1(3.6.1).).
3.65.6
communications as a service
CaaS
cloud service category (3.5.5(3.6.5)) in which the capability provided to the cloud service customer
(3.3.2(3.4.2)) is real time interaction and collaboration
Note 1 to entry: CaaS can provide both application capabilities type (3.5.2(3.6.2)) and platform capabilities type
(3.5.4(3.6.4).).
3.65.7
compute as a service
CompaaS
cloud service category (3.5.5(3.6.5)) in which the capabilities provided to the cloud service customer
(3.3.2(3.4.2)) are the provision and use of processing resources needed to deploy and run software
Note 1 to entry: To run some software, capabilities other than processing resources are potentially needed.
© ISO/IEC 2022 – All rights reserved 5
© ISO/IEC 2022 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.65.8
data storage as a service
DSaaS
cloud service category (3.5.5(3.6.5)) in which the capability provided to the cloud service customer
(3.3.2(3.4.2)) is the provision and use of data storage and related capabilities
Note 1 to entry: DSaaS can provide any of the three cloud capabilities types (3.5.1(3.6.1).).
3.65.9
infrastructure as a service
IaaS
cloud service category (3.5.5(3.6.5)) in which the cloud capabilities type (3.5.1(3.6.1)) provided to the
cloud service customer (3.3.2(3.4.2)) is an infrastructure capabilities type (3.5.3(3.6.3))
Note 1 to entry: The cloud service customer (3.3.2(3.4.2)) does not manage or control the underlying physical and
virtual resources, but does have control over operating systems, storage, and deployed applications that use the
physical and virtual resources. The cloud service customer (3.3.2(3.4.2)) can also have limited ability to control
certain networking components (e.g., host firewalls).
3.65.10
network as a service
NaaS
cloud service category (3.5.5(3.6.5)) in which the capability provided to the cloud service customer
(3.3.2(3.4.2)) is transport connectivity and related network capabilities
Note 1 to entry: Network as a service can provide any of the three cloud capabilities types (3.5.1(3.6.1).).
3.65.11
platform as a service
PaaS
cloud service category (3.5.5(3.6.5)) in which the cloud capabilities type (3.5.1(3.6.1)) provided to the
cloud service customer (3.3.2(3.4.2)) is a platform capabilities type (3.5.4(3.6.4))
3.65.12
software as a service
SaaS
cloud service category (3.5.5(3.6.5)) in which the cloud capabilities type (3.5.1(3.6.1)) provided to the
cloud service customer (3.3.2(3.4.2)) is an application capabilities type (3.5.2(3.6.2))
3.73.6 Terms related to interoperability
3.76.1
interoperability
ability of two or more systems or applications to exchange information and to mutually use the
information that has been exchanged
3.76.2
cloud interoperability
ability of a cloud service customer’s (3.3.2(3.4.2)) system to interact with a cloud service (3.1.2(3.2.2),), or
the ability for one cloud service (3.1.2(3.2.2)) to interact with other cloud services (3.1.2(3.2.2),), by
exchanging information according to a prescribed method to obtain predictable results
3.76.3
transport interoperability
interoperability (3.6.1(3.7.1)) where information exchange uses an established communication
infrastructure between the participating systems
6
6 © ISO/IEC 2022 – All rights reserved
 © ISO/IEC 2022 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.76.4
syntactic interoperability
interoperability (3.6.1(3.7.1)) such that the formats of the exchanged information can be understood by
the participating systems
3.7.5
3.6.5
semantic data interoperability
interoperability (3.6.1(3.7.1)) so that the meaning of the data model within the context of a subject area
is understood by the participating systems
3.76.6
behavioural interoperability
interoperability (3.6.1(3.7.1)) so that the actual result of the exchange achieves the expected outcome
3.76.7
policy interoperability
interoperability (3.6.1(3.7.1)) while complying with the legal, organizational, and policy frameworks
applicable to the participating systems
3.83.7 Terms related to cloud service agreements
3.87.1
service level agreement
SLA
documented agreement between the service provider and customer that identifies services and service
targets
Note 1 to entry: A service level agreement can also be established between the service provider and a supplier, an
internal group or a customer acting as a supplier.
Note 2 to entry: A service level agreement can be included in a contract or another type of documented agreement.
3.87.2
cloud service product
cloud service (3.1.2(3.2.2),), allied to the set of business terms under which the cloud service (3.1.2(3.2.2))
is offered
Note 1 to entry: Business terms can include pricing, rating, and service levels.
3.87.3
product catalogue
listing of all the cloud service products (3.7.2(3.8.2)) which cloud service providers (3.3.3(3.4.3)) make
available to cloud service customers (3.3.2(3.4.2))
3.87.4
service catalogue
listing of all the cloud services (3.1.2(3.2.2)) of a particular cloud service provider (3.3.3(3.4.3))
3.87.5
cloud service qualitative objective
cloud SQO
commitment a cloud service provider (3.3.3(3.4.3)) makes for a specific, qualitative characteristic of a
cloud service (3.1.2(3.2.2),), where the value follows the nominal scale or ordinal scale
Note 1 to entry: A cloud service qualitative objective can be expressed as an enumerated list.
© ISO/IEC 2022 – All rights reserved 7
© ISO/IEC 2022 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
Note 2 to entry: Qualitative characteristics typically require human interpretation.
Note 3 to entry: The ordinal scale allows for existence/nonexistence.
3.87.6
cloud service level agreement
cloud SLA
part of the cloud service agreement (3.7.8(3.8.8)) that includes cloud service level objectives (3.7.7(3.8.7))
and cloud servicecloudservice qualitative objectives (3.7.5(3.8.5)) for the covered cloud service(s)
(3.1.2(3.2.2))
Note 1 to entry: A cloud service level agreement is a service level agreement (3.7.1(3.8.1)) used in the context of cloud
computing (3.1.1(3.2.1).).
3.87.7
cloud service level objective
cloud SLO
commitment a cloud service provider (3.3.3(3.4.3)) makes for a specific, quantitative characteristic of a
cloud service (3.1.2(3.2.2),), where the value follows the interval scale or ratio scale
Note 1 to entry: A cloud service level objective commitment can be expressed as a range.
3.87.8
cloud service agreement
documented agreement between the cloud service provider (3.3.3(3.4.3)) and cloud service customer
(3.3.2(3.4.2)) that governs the covered cloud service(s) (3.1.2(3.2.2))
Note 1 to entry: A cloud service agreement can consist of one or more parts recorded in one or more documents.
3.87.9
metric
standard of measurement that defines the conditions and the rules for performing the measurement and
for understanding the results of a measurement
Note 1 to entry: A metric implements a particular abstract metric concept.
Note 2 to entry: A metric is to be applied in practice within a given context that requires specific properties to be
measured, at a given time(s) for a specific goal.
3.87.10
failure notification policy
policy specifying the processes by which the cloud service customer (3.3.2(3.4.2)) and cloud service
partner (3.3.5(3.4.5)) can notify the cloud service provider (3.3.3(3.4.3)) of a service outage and by which
the cloud service provider (3.3.3(3.4.3)) can notify the cloud service customer (3.3.2(3.4.2)) and cloud
service partner (3.3.5(3.4.5)) that a service outage has occurred
Note 1 to entry: The policy can also include the process for providing updates on service outages, who receives
notifications and updates, the maximum time between the detection of a service outage and the issuance of a notice
of service outage, the maximum time interval between service outage updates and how service outage updates are
described.
3.87.11
remedy
compensation available to the cloud service customer (3.3.2(3.4.2)) in the event the cloud service provider
(3.3.3(3.4.3)) fails to meet a specified cloud service level objective (3.7.7(3.8.7))
Note 1 to entry: This definition of the term in English is based on the "legal reparation" meaning defined in The
Shorter Oxford English Dictionary.
8
8 © ISO/IEC 2022 – All rights reserved
 © ISO/IEC 2022 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.93.8 Terms related to cloud portability
3.98.1
cloud application portability
ability to migrate an application from one cloud service (3.1.2(3.2.2)) to another cloud service
(3.1.2(3.2.2))
3.98.2
data portability
ability to easily transfer data from one system to another without being required to re-enter data
Note 1 to entry: It is the ease of moving the data that is the essence here. This can be achieved by the source system
supplying the data in exactly the format that is accepted by the target system. But even if the formats do not match,
the transformation between them can be simple and straightforward to achieve with commonly available tools. On
the other hand, a process of printing out the data and rekeying it for the target system cannot be described as "easy."
3.98.3
cloud data portability
data portability (3.8.2(3.9.2)) from one cloud service (3.1.2(3.2.2)) to another cloud service (3.1.2(3.2.2))
3.98.4
data syntactic portability
data portability (3.8.2(3.9.2)) using data formats that can be decoded on the target
3.9.5
3.8.5
data semantic portability
data portability (3.8.2(3.9.2)) such that the meaning of the data model is understood within the context
of a subject area by the target
3.98.6
data policy portability
data portability (3.8.2(3.9.2)) while complying with the legal, organizational and policy frameworks
applicable to both the source and target
3.8.7
3.9.7
application portability
ability to migrate an application from a source system to a target system
3.98.8
application syntactic portability
application portability (3.8.7(3.9.7)) where the format of the application artefacts can be decoded on the
target
3.98.9
application instruction portability
application portability (3.8.7(3.9.7)) so that the application's instruction set executes on the target
3.98.10
application metadata portability
application portability (3.8.7(3.9.7)) so that the application's metadata is retained and understood on the
target
© ISO/IEC 2022 – All rights reserved 9
© ISO/IEC 2022 – All rights reserved 9

---------------------- Page: 14 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.98.11
application behaviour portability
application portability (3.8.7(3.9.7)) so that execution on the target produces equivalent results to those
produced on the source
3.98.12
application policy portability
application portability (3.8.7(3.9.7)) while complying with the legal, organizational and policy
frameworks applicable to the source and target
3.103.9 Terms related to cloud data
3.109.1
cloud service customer data
class of data objects under the control, by legal or other reasons, of the cloud service customer
(3.3.2(3.4.2)) that were input to the cloud service (3.1.2(3.2
...

FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
22123-1
ISO/IEC JTC 1/SC 38
Information technology — Cloud
Secretariat: ANSI
computing —
Voting begins on:
2022-11-11
Part 1:
Voting terminates on:
Vocabulary
2023-01-06
Technologies de l'information — Informatique en nuage —
Partie 1: Vocabulaire
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 22123-1:2022(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO/IEC 2022

---------------------- Page: 1 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
22123-1
ISO/IEC JTC 1/SC 38
Information technology — Cloud
Secretariat: ANSI
computing —
Voting begins on:
Part 1:
Voting terminates on:
Vocabulary
Technologies de l'information — Informatique en nuage —
Partie 1: Vocabulaire
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC FDIS 22123­1:2022(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
  © ISO/IEC 2022 – All rights reserved
NATIONAL REGULATIONS. © ISO/IEC 2022

---------------------- Page: 2 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
Contents Page
Foreword .iv
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms related to cloud computing foundation . 1
3.2 Terms related to cloud deployment models. 2
3.3 Terms related to cloud computing roles and activities . 3
3.4 Terms related to key cloud computing characteristics . 4
3.5 Terms related to cloud capabilities types and cloud service categories . 5
3.6 Terms related to interoperability . 6
3.7 Terms related to cloud service agreements. 7
3.8 Terms related to cloud portability . 8
3.9 Terms related to cloud data . 9
3.10 Terms related to security and privacy .12
3.11 Terms related to inter­cloud . .12
3.12 Terms related to virtualization .12
3.13 Miscellaneous terms .13
3.14 Terms relating to multiplicity and organization of cloud services . 15
Bibliography .16
Index .17
iii
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 3 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non­governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding­standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 38, Cloud Computing and Distributed Platforms.
The main changes are as follows:
— the definition for hybrid cloud was changed;
— definitions for CSC role, CSP role, and CSN role were added;
— the definitions for CSC, CSP, and CSN were revised to leverage CSC role, CSP role, and CSN role,
respectively;
— the ISO/IEC 27000 definitions for confidentiality, integrity, and information security were removed;
— the definition of inter-cloud computing was changed;
— terms relating to multi-cloud were added;
— peer cloud service and peer cloud service provider were replaced with secondary cloud service and
secondary cloud service provider, respectively; and
— terms relating to multiplicity and organization of cloud services were added into a new subclause.
A list of all parts in the ISO/IEC 22123 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national­committees.
iv
  © ISO/IEC 2022 – All rights reserved

---------------------- Page: 4 ----------------------
FINAL DRAFT INTERNATIONAL STANDARD ISO/IEC FDIS 22123-1:2022(E)
Information technology — Cloud computing —
Part 1:
Vocabulary
1 Scope
This document defines terms used in the field of cloud computing.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1 Terms related to cloud computing foundation
3.1.1
cloud computing
paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual
resources with self­service provisioning and administration on­demand
Note 1 to entry: Examples of resources include servers, operating systems, networks, software, applications, and
storage equipment.
Note 2 to entry: Self-service provisioning refers to the provisioning of resources provided to cloud services (3.1.2)
performed by cloud service customers (3.3.2) through automated means.
3.1.2
cloud service
one or more capabilities offered via cloud computing (3.1.1) invoked using a defined interface
3.1.3
cloud solution
cloud services (3.1.2) combined and controlled to meet cloud service customer (3.3.2) requirements
Note 1 to entry: A cloud solution can use any combination of cloud deployment models (3.2.1).
1
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 5 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.2 Terms related to cloud deployment models
3.2.1
cloud deployment model
way in which cloud computing (3.1.1) can be organized based on the control and sharing of physical or
virtual resources
Note 1 to entry: Examples of cloud deployment models include community cloud (3.2.1), hybrid cloud (3.2.3), private
cloud (3.2.4) and public cloud (3.2.5).
3.2.2
community cloud
cloud deployment model (3.2.1) where cloud services (3.1.2) exclusively support and are shared by a
specific collection of cloud service customers (3.3.2) who have shared requirements and a relationship
with one another, and where resources are controlled by at least one member of this collection
3.2.3
hybrid cloud
cloud deployment model (3.2.1) that uses a private cloud (3.2.4) and a public cloud (3.2.5)
3.2.4
private cloud
cloud deployment model (3.2.1) where cloud services (3.1.2) are used exclusively by a single cloud service
customer (3.3.2) and resources are controlled by that cloud service customer (3.3.2)
3.2.5
public cloud
cloud deployment model (3.2.1) where cloud services (3.1.2) are potentially available to any cloud service
customer (3.3.2) and resources are controlled by the cloud service provider (3.3.3)
3.2.6
multi-cloud
multicloud
cloud deployment model (3.2.1) in which a cloud service customer (3.3.2) uses public cloud services (3.1.2)
provided by two or more cloud service providers (3.3.3)
Note 1 to entry: The cloud service customer (3.3.2) is responsible for integration and management of these cloud
services (3.1.2) to form a cloud solution (3.1.3).
3.2.7
cloud service federation
two or more cloud service providers (3.3.3) bound together by an agreed set of policies, processes and
trust in order to provide cloud services (3.1.2)
3.2.8
federated cloud
cloud deployment model (3.2.1) in which the cloud services (3.1.2) are provided by members of a cloud
service federation (3.2.7)
3.2.9
hybrid multi-cloud
cloud deployment model (3.2.1) in which a cloud service customer (3.3.2) uses cloud services (3.1.2) from
a hybrid cloud (3.2.3) and a multi-cloud (3.2.6)
3.2.10
inter-cloud
intercloud
cloud deployment model (3.2.1) in which a cloud service provider (3.3.3) offers a cloud service (3.1.2) by
using one or more cloud services (3.1.2) provide by other cloud service providers (3.3.3)
2
  © ISO/IEC 2022 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.3 Terms related to cloud computing roles and activities
3.3.1
party
natural person, legal person or a group of either, whether or not incorporated, that can assume one or
more roles (3.3.10)
3.3.2
cloud service customer
CSC
party (3.3.1) that is acting in a cloud service customer role (3.3.14)
3.3.3
cloud service provider
CSP
party (3.3.1) that is acting in a cloud service provider role (3.3.15)
3.3.4
cloud service user
CSU
natural person, or entity acting on their behalf, associated with a cloud service customer (3.3.2) that
uses cloud services (3.1.2)
Note 1 to entry: Examples of such entities include devices (3.13.4) and applications.
3.3.5
cloud service partner
CSN
party (3.3.1) that is acting in a cloud service partner role (3.3.16)
3.3.6
cloud auditor
cloud service partner (3.3.5) with the responsibility to conduct an audit (3.13.10) of the provision and
use of cloud services (3.1.2)
3.3.7
cloud service broker
cloud service partner (3.3.5) that negotiates relationships between cloud service customers (3.3.2) and
cloud service providers (3.3.3)
3.3.8
activity
specified pursuit or set of tasks
3.3.9
functional component
functional building block needed to engage in an activity (3.3.8), backed by an implementation
3.3.10
role
set of activities (3.3.8) that serves a common purpose
3.3.11
sub-role
subset of the activities (3.3.8) of a given role (3.3.10)
3
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.3.12
device platform cloud service
cloud service (3.1.2) offered by the device platform provider (3.13.13) to support the device platform
(3.13.5)
Note 1 to entry: An application marketplace (3.13.6) can be an example of device platform (3.13.5) cloud service
(3.1.2).
3.3.13
cloud service developer
cloud service partner (3.3.5) with the responsibility for designing, developing, testing and maintaining
the implementation of a cloud service (3.1.2)
3.3.14
cloud service customer role
CSC role
set of activities (3.3.8) for the purpose of using cloud services (3.1.2)
3.3.15
cloud service provider role
CSP role
set of activities (3.3.8) that make cloud services (3.1.2) available
3.3.16
cloud service partner role
CSN role
set of activities (3.3.8) that support, or are auxiliary to, either the cloud service provider role (3.3.15) or
the cloud service customer role (3.3.14), or both
3.4 Terms related to key cloud computing characteristics
3.4.1
measured service
metered delivery of cloud services (3.1.2) such that usage can be monitored, controlled, reported and
billed
3.4.2
tenant
one or more cloud service users (3.3.4) sharing access to a set of physical and virtual resources
3.4.3
multi-tenancy
allocation of physical or virtual resources such that multiple tenants (3.4.2) and their computations and
data are isolated from and inaccessible to one another
3.4.4
on-demand self-service
feature where a cloud service customer (3.3.2) can provision computing capabilities, as needed,
automatically or with minimal interaction with the cloud service provider (3.3.3)
3.4.5
resource pooling
aggregation of a cloud service provider’s (3.3.3) physical or virtual resources to serve one or more cloud
service customers (3.3.2)
4
  © ISO/IEC 2022 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.5 Terms related to cloud capabilities types and cloud service categories
3.5.1
cloud capabilities type
classification of the functionality provided by a cloud service (3.1.2) to the cloud service customer (3.3.2),
based on resources used
Note 1 to entry: The cloud capabilities types are application capabilities type (3.5.2), infrastructure capabilities
type (3.5.3) and platform capabilities type (3.5.4).
3.5.2
application capabilities type
cloud capabilities type (3.5.1) in which the cloud service customer (3.3.2) can use the cloud service
provider’s (3.3.3) applications
3.5.3
infrastructure capabilities type
cloud capabilities type (3.5.1) in which the cloud service customer (3.3.2) can provision and use
processing, storage or networking resources
3.5.4
platform capabilities type
cloud capabilities type (3.5.1) in which the cloud service customer (3.3.2) can deploy, manage and run
customer-created or customer-acquired applications using one or more programming languages and
one or more execution environments supported by the cloud service provider (3.3.3)
3.5.5
cloud service category
group of cloud services (3.1.2) that possess some common set of qualities
Note 1 to entry: A cloud service category can include capabilities from one or more cloud capabilities types (3.5.1).
3.5.6
communications as a service
CaaS
cloud service category (3.5.5) in which the capability provided to the cloud service customer (3.3.2) is
real time interaction and collaboration
Note 1 to entry: CaaS can provide both application capabilities type (3.5.2) and platform capabilities type (3.5.4).
3.5.7
compute as a service
CompaaS
cloud service category (3.5.5) in which the capabilities provided to the cloud service customer (3.3.2) are
the provision and use of processing resources needed to deploy and run software
Note 1 to entry: To run some software, capabilities other than processing resources are potentially needed.
3.5.8
data storage as a service
DSaaS
cloud service category (3.5.5) in which the capability provided to the cloud service customer (3.3.2) is the
provision and use of data storage and related capabilities
Note 1 to entry: DSaaS can provide any of the three cloud capabilities types (3.5.1).
5
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.5.9
infrastructure as a service
IaaS
cloud service category (3.5.5) in which the cloud capabilities type (3.5.1) provided to the cloud service
customer (3.3.2) is an infrastructure capabilities type (3.5.3)
Note 1 to entry: The cloud service customer (3.3.2) does not manage or control the underlying physical and
virtual resources, but does have control over operating systems, storage, and deployed applications that use the
physical and virtual resources. The cloud service customer (3.3.2) can also have limited ability to control certain
networking components (e.g., host firewalls).
3.5.10
network as a service
NaaS
cloud service category (3.5.5) in which the capability provided to the cloud service customer (3.3.2) is
transport connectivity and related network capabilities
Note 1 to entry: Network as a service can provide any of the three cloud capabilities types (3.5.1).
3.5.11
platform as a service
PaaS
cloud service category (3.5.5) in which the cloud capabilities type (3.5.1) provided to the cloud service
customer (3.3.2) is a platform capabilities type (3.5.4)
3.5.12
software as a service
SaaS
cloud service category (3.5.5) in which the cloud capabilities type (3.5.1) provided to the cloud service
customer (3.3.2) is an application capabilities type (3.5.2)
3.6 Terms related to interoperability
3.6.1
interoperability
ability of two or more systems or applications to exchange information and to mutually use the
information that has been exchanged
3.6.2
cloud interoperability
ability of a cloud service customer’s (3.3.2) system to interact with a cloud service (3.1.2), or the ability
for one cloud service (3.1.2) to interact with other cloud services (3.1.2), by exchanging information
according to a prescribed method to obtain predictable results
3.6.3
transport interoperability
interoperability (3.6.1) where information exchange uses an established communication infrastructure
between the participating systems
3.6.4
syntactic interoperability
interoperability (3.6.1) such that the formats of the exchanged information can be understood by the
participating systems
3.6.5
semantic data interoperability
interoperability (3.6.1) so that the meaning of the data model within the context of a subject area is
understood by the participating systems
6
  © ISO/IEC 2022 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.6.6
behavioural interoperability
interoperability (3.6.1) so that the actual result of the exchange achieves the expected outcome
3.6.7
policy interoperability
interoperability (3.6.1) while complying with the legal, organizational, and policy frameworks applicable
to the participating systems
3.7 Terms related to cloud service agreements
3.7.1
service level agreement
SLA
documented agreement between the service provider and customer that identifies services and service
targets
Note 1 to entry: A service level agreement can also be established between the service provider and a supplier, an
internal group or a customer acting as a supplier.
Note 2 to entry: A service level agreement can be included in a contract or another type of documented agreement.
3.7.2
cloud service product
cloud service (3.1.2), allied to the set of business terms under which the cloud service (3.1.2) is offered
Note 1 to entry: Business terms can include pricing, rating, and service levels.
3.7.3
product catalogue
listing of all the cloud service products (3.7.2) which cloud service providers (3.3.3) make available to
cloud service customers (3.3.2)
3.7.4
service catalogue
listing of all the cloud services (3.1.2) of a particular cloud service provider (3.3.3)
3.7.5
cloud service qualitative objective
cloud SQO
commitment a cloud service provider (3.3.3) makes for a specific, qualitative characteristic of a cloud
service (3.1.2), where the value follows the nominal scale or ordinal scale
Note 1 to entry: A cloud service qualitative objective can be expressed as an enumerated list.
Note 2 to entry: Qualitative characteristics typically require human interpretation.
Note 3 to entry: The ordinal scale allows for existence/nonexistence.
3.7.6
cloud service level agreement
cloud SLA
part of the cloud service agreement (3.7.8) that includes cloud service level objectives (3.7.7) and cloud
service qualitative objectives (3.7.5) for the covered cloud service(s) (3.1.2)
Note 1 to entry: A cloud service level agreement is a service level agreement (3.7.1) used in the context of cloud
computing (3.1.1).
7
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.7.7
cloud service level objective
cloud SLO
commitment a cloud service provider (3.3.3) makes for a specific, quantitative characteristic of a cloud
service (3.1.2), where the value follows the interval scale or ratio scale
Note 1 to entry: A cloud service level objective commitment can be expressed as a range.
3.7.8
cloud service agreement
documented agreement between the cloud service provider (3.3.3) and cloud service customer (3.3.2)
that governs the covered cloud service(s) (3.1.2)
Note 1 to entry: A cloud service agreement can consist of one or more parts recorded in one or more documents.
3.7.9
metric
standard of measurement that defines the conditions and the rules for performing the measurement
and for understanding the results of a measurement
Note 1 to entry: A metric implements a particular abstract metric concept.
Note 2 to entry: A metric is to be applied in practice within a given context that requires specific properties to be
measured, at a given time(s) for a specific goal.
3.7.10
failure notification policy
policy specifying the processes by which the cloud service customer (3.3.2) and cloud service partner
(3.3.5) can notify the cloud service provider (3.3.3) of a service outage and by which the cloud service
provider (3.3.3) can notify the cloud service customer (3.3.2) and cloud service partner (3.3.5) that a
service outage has occurred
Note 1 to entry: The policy can also include the process for providing updates on service outages, who receives
notifications and updates, the maximum time between the detection of a service outage and the issuance of a
notice of service outage, the maximum time interval between service outage updates and how service outage
updates are described.
3.7.11
remedy
compensation available to the cloud service customer (3.3.2) in the event the cloud service provider
(3.3.3) fails to meet a specified cloud service level objective (3.7.7)
Note 1 to entry: This definition of the term in English is based on the "legal reparation" meaning defined in The
Shorter Oxford English Dictionary.
3.8 Terms related to cloud portability
3.8.1
cloud application portability
ability to migrate an application from one cloud service (3.1.2) to another cloud service (3.1.2)
3.8.2
data portability
ability to easily transfer data from one system to another without being required to re-enter data
Note 1 to entry: It is the ease of moving the data that is the essence here. This can be achieved by the source
system supplying the data in exactly the format that is accepted by the target system. But even if the formats
do not match, the transformation between them can be simple and straightforward to achieve with commonly
available tools. On the other hand, a process of printing out the data and rekeying it for the target system cannot
be described as "easy."
8
  © ISO/IEC 2022 – All rights reserved

---------------------- Page: 12 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
3.8.3
cloud data portability
data portability (3.8.2) from one cloud service (3.1.2) to another cloud service (3.1.2)
3.8.4
data syntactic portability
data portability (3.8.2) using data formats that can be decoded on the target
3.8.5
data semantic portability
data portability (3.8.2) such that the meaning of the data model is understood within the context of a
subject area by the target
3.8.6
data policy portability
data portability (3.8.2) while complying with the legal, organizational and policy frameworks applicable
to both the source and target
3.8.7
application portability
ability to migrate an application from a source system to a target system
3.8.8
application syntactic portability
application portability (3.8.7) where the format of the application artefacts can be decoded on the target
3.8.9
application instruction portability
application portability (3.8.7) so that the application's instruction set executes on the target
3.8.10
application metadata portability
application portability (3.8.7) so that the application's metadata is retained and understood on the
target
3.8.11
application behaviour portability
application portability (3.8.7) so that execution on the target produces equivalent results to those
produced on the source
3.8.12
application policy portability
application portability (3.8.7) while complying with the legal, organizational and policy frameworks
applicable to the source and target
3.9 Terms related to cloud data
3.9.1
cloud service customer data
class of data objects under the control, by legal or other reasons, of the cloud service customer (3.3.2)
that were input to the cloud service (3.1.2), or resulted from exercising the capabilities of the cloud
service (3.1.2) by or on behalf of the cloud service customer (3.3.2) via the published interface of the
cloud service (3.1.2)
Note 1 to entry: An example of legal controls is copyright.
9
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC FDIS 22123-1:2022(E)
Note 2 to entry: It can be that the cloud service (3.1.2) contains or operates on data that is not cloud service
customer data; this can be data made available by the cloud service providers (3.3.3), or obtained from another
source, or it can be publicly available data. However, any output data produced by the actions of the cloud service
customer (3.3.2) using the capabilities of the cloud service (3.1.2) on this data is likely to be cloud service customer
data, following the general principles of copyright, unless there are specific provisions in the cloud service
agreement (3.7.8) to the contrary.
3.9.2
cloud service derived data
class of data objects under cloud service provider (3.3.3) control that are derived as a result of interaction
with the cloud service (3.1.2) by the cloud service customer (3.3.2)
Note 1 to entry: Cl
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.