Published 17 November 2014
As the days get more and more overcast and the nights draw in, what could be more fitting than another piece of "cloud" documentation to consider when engaging with a cloud services provider?
The autumn has seen the acknowledgment of a plethora of international standards on cloud computing. I say acknowledgment rather than launch as many were published back in August. However, there has been little, if any, fanfare over their launch by the International Standards Organisation and they have only come to the attention of the data protection community in the last few weeks.
ISO/IEC 17788 and 17789 provide standardized definitions of common cloud computing terms, such as Software as a Service, and of cloud deployment models such as "public" and "private" clouds, together with diagrams and descriptions of how the various aspects of cloud computing relate to one another. Of more interest to the data protection community is the new ISO27018:2014, not so catchily titled "Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors."
Compliance with this standard should give cloud customers some comfort about their own compliance with data protection obligations. For example, the standard imposes the following requirements on the cloud provider:
This standard provides a useful tool for a customer to evaluate the cloud services and data handling practices of a potential cloud supplier, and will be a useful reference point to form part of a wider contractual framework to secure personal data. I would recommend clients start asking their cloud providers about their plans for ISO27018 compliance, and it may become good industry practice to insist on such compliance going forward.
Campbell Dye, Andrew Allan-Jones