Cloud Managed Services & Outsourcing Privacy & Security Cloud computing standards update (ISO JTC1/SC38) Don Sheppard @DonSheppard Published: February 1st, 2016My last update on the progress of cloud standardization in the ISO was April 2014, so I’m overdue for another report.The primary cloud committee in the International Organization for Standardization (ISO) is ISO/IEC JTC1/SC38 whose mandate is standardization in the area of “Cloud Computing and Distributed Platforms,” including, but not limited to:Service Oriented Architecture (SOA)Service Level AgreementInteroperability and PortabilityData and their Flow Across Devices and Cloud ServicesCurrently, there are 29 countries and 10 observers involved in this work effort.The following standards have been published:ISO/IEC 17788:2014 Information technology — Cloud computing — Overview and vocabularyISO/IEC 17789:2014 Information technology — Cloud computing — Reference architectureThese standards are derived from, but are not identical to, the NIST definition as described in NIST SP800-145. They were developed in collaboration with the International Telecommunications Union (ITU) and various industry consortia such as the Object Management Group (OMG).ISO/IEC 17826:2012 Information technology — Cloud Data Management Interface (CDMI)This is a standard that was developed by SNIA (Storage Networking Industry Association) and fast tracked to the ISO.The following standards are now being developed by SC38 working groups (and are only available to members for now):ISO/IEC DIS 19086-1 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and conceptsISO/IEC NP 19086-2 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 2: MetricsISO/IEC CD 19086-3 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 3: Core conformance requirementsISO/IEC AWI 19941 Information Technology — Cloud Computing — Interoperability and PortabilityISO/IEC WD 19944 Information Technology – Cloud Computing – Data and their Flow across Devices and Cloud ServicesIn addition, ISO/IEC JTC1/SC27 (IT security techniques) is developing cloud security standards:ISO/IEC NP 19086-4 Information technology — Cloud computing — Service level agreement (SLA) framework and Technology — Part 4: Security and privacyISO/IEC AWI 20889 Information technology — Security techniques — Privacy enhancing data de-identification techniquesThere are other SC27 standards, none specific to cloud computing, that may apply to, or at least be useful for, security in cloud-based solutions.The IEEE is another organization that is active in the cloud computing standards arena. They are working on:P2301 – Guide for Cloud Portability and Interoperability Profiles (CPIP)P2302 – Standard for Intercloud Interoperability and Federation (SIIF)P2303 – Standard for Adaptive Management of Cloud Computing EnvironmentsThe IEEE also launched a Global Intercloud Testbed initiative in 2013.Another important standards community is the Open Group. They have published a number of documents and white papers, including:G135 – Cloud Computing Portability and Interoperability (April 2013)C141 – The Open Group Cloud Ecosystem Reference Model (January 2014)Various other standards bodies are involved as liaison organizations to the ISO, including DMTF (Distributed Management Task Force), OASIS, OGF (Open Grid Forum), and SNIA (Storage Networking Industry).In Canada, the Standards Council of Canada (SCC) is the official representative to the ISO. If you are interested in volunteering to help the Canadian mirror committee for ISO JTC1/SC38, please contact the Standards Council of Canada and let them know you would like to get involved.Would you recommend this article?00 Thanks for taking the time to let us know what you think of this article! We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →Jim Love, Chief Content Officer, IT World Canada Cloud, Managed Services & Outsourcing, Privacy & Security cloud, cloud standards, cloud-based solutions, IEEE, ISO, open, standards