TECHNICAL REPORT
ISO/IEC TR 22678
First edition 2019-01

Information technology - Cloud computing - Guidance for policy development

Reference number ISO/IEC TR 22678:2019(E)
© ISO/IEC 2019

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
CP 401, Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Summary of this document
  5.1 Purpose of this document
  5.2 Intended audience
  5.3 How to use this document
6 Understanding cloud computing aspects for policy development
  6.1 Introduction
  6.2 Cloud computing essential characteristics
    6.2.1 Standard definition of cloud computing
    6.2.2 Essential characteristics of cloud computing (from ISO/IEC 17788)
  6.3 Major benefits of cloud computing
    6.3.1 Benefits for cloud service customers (CSCs)
    6.3.2 Benefits for society
  6.4 Implications for policy makers
    6.4.1 Shared responsibilities
    6.4.2 Cloud services which are deployed and managed across multiple jurisdictions
    6.4.3 Economics of managing a global cloud service
    6.4.4 What global, scalable public cloud computing makes possible
    6.4.5 Implications of service scale and velocity
    6.4.6 Implications of continuous development
    6.4.7 Implications of multi-tenant cloud services
    6.4.8 Implications of geographical restrictions
    6.4.9 The need for cloud service data categorisation and classification
    6.4.10 Interoperability and portability
    6.4.11 Trust and transparency
    6.4.12 Exceptional circumstances
    6.4.13 Compliance, certification, audit
    6.4.14 Challenges for small and medium sized enterprise (SME) adoption
7 Using international standards to assist in developing policies that cover cloud computing
  7.1 International standards relevant to cloud computing policy development
    7.1.1 ISO/IEC 19086 series of standards as applicable to trust and transparency
    7.1.2 ISO/IEC 19944 as applicable to clarify data concepts
    7.1.3 ISO/IEC 27552, Privacy information management systems
  7.2 Other significant standards, specifications, and documents
8 Considerations when developing policy
  8.1 Considerations for regulatory policy
    8.1.1 General
    8.1.2 Multi-tenant issues
    8.1.3 Avoiding unnecessary barriers to cloud adoption
    8.1.4 Trust and transparency
    8.1.5 Interoperability and portability
    8.1.6 Security and privacy
  8.2 Considerations for advisory policy
    8.2.1 General
    8.2.2 Promotion of cloud technology adoption
    8.2.3 Terminology and taxonomy
    8.2.4 Adoption by small and medium enterprises
    8.2.5 Supplier certifications
    8.2.6 Network connectivity
    8.2.7 Interoperability and portability
  8.3 Considerations for procurement policy
    8.3.1 General
    8.3.2 Terminology and taxonomy
    8.3.3 Cloud service deployment models
    8.3.4 Supplier certifications
    8.3.5 Interoperability and portability
9 Conclusions
Annex A (informative) Relationship between key characteristics and implications
Annex B (informative) Other relevant standards, specifications, and documents
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified duri