ISO/IEC 19086-1
ISO/IEC 19086-1:2016 establishes a set of common building blocks (concepts, terms, definitions, contexts) that can be used to create cloud service agreements, including Service Level Agreements (SLAs). It is part 1 of the four-part ISO/IEC 19086 series.
ISO/IEC 19086-1:2016 covers the following:
- an overview of cloud service agreements
- identification of the relationship between the cloud service agreement and the cloud SLA
- concepts that can be used to build cloud service agreements
- commonly used terms
The standard is for the benefit and use of both cloud service providers and cloud service customers. The aim is to avoid confusion and facilitate a common understanding between cloud service providers and cloud service customers. Cloud service agreements and their associated cloud SLAs vary between cloud service providers, and in some cases, different cloud service customers can negotiate different contract terms with the same cloud service provider for the same cloud service.
The standard provides a set of cloud service level objectives (SLOs) and cloud service qualitative objectives (SQOs) that may apply to cloud services or cloud service providers. This approach provides flexibility for cloud service providers and customers in tailoring their cloud service agreement.
Benefits
- ISO/IEC 19086-1 enables a vetted move to the cloud by providing risk and compliance stakeholders with a framework for due diligence, so that compliance considerations can be more reliably accounted for
- ISO/IEC 19086-1 provides standardized terminology, including SLOs and SQOs, that cloud service providers and cloud service customers can reference in their negotiations and agreements
- ISO/IEC 19086-1 provides references to other standards that can be useful in the development of cloud service agreements
Implementation
The Cloud Services Due Diligence Checklist, based on ISO/IEC 19086-1:2016, is a tool that can be used in the due diligence process when procuring cloud services and when negotiating cloud service agreements.
Structure
Foreword
Introduction
- Scope
- Normative Reference
- Terms and Definitions
- Symbols and Abbreviations
- Overview of Service Level Agreement for cloud service
- Relationship between the cloud service agreement and the cloud SLAs
- Cloud SLA management best practices
  - General
  - Design
  - Evaluation and acceptance
  - Implementation and execution
  - Change to Cloud SLA
- The role of cloud service level objectives, cloud service qualitative objectives, metrics, remedies and exceptions in the cloud SLA
  - General
  - Metrics
  - Service Level Objectives and Service Qualitative Objectives
    - Service Levels
    - Cloud service level objectives
    - Cloud service qualitative objectives
  - Remedies and claims
    - Remedies
    - Claims process
  - Exceptions
- Cloud SLA components
  - General
  - Covered services component
    - Description
    - Relevance
  - Cloud SLA definitions component
    - Description
    - Relevance
  - Service monitoring component
    - Description
    - Relevance
    - Cloud service qualitative objectives
  - Roles and responsibilities component
    - Description
    - Relevance
- Cloud SLA content areas and their components
  - General
  - Accessibility content area
    - Accessibility component
  - Availability content area
    - Availability component
  - Cloud service performance content area
    - General
    - Cloud service response time component
    - Cloud service capacity component
    - Elasticity component
  - Protection of personally identifiable information (PII) content area
    - Protection of PII component
  - Information Security content area
    - Information Security component
  - Termination of service content area
    - Termination of service component
  - Cloud service support content area
    - Cloud service support component
  - Governance content area
    - Governance component
  - Changes to the cloud service features and functionality content area
    - Changes to the cloud service features and functionality component
  - Service reliability content area
    - General
    - Service resilience/fault tolerance component
    - Customer data backup and restore component
    - Disaster recovery component
  - Data management content area
    - General
    - Intellectual property rights (IPR) component
    - Cloud service customer data component
    - Cloud service provider data component
    - Account data component
    - Derived Data component
    - Data portability component
    - Data deletion component
    - Data location component
    - Data examination component
    - Law enforcement access component
  - Attestations, certifications and audits content area
    - Attestations, certifications and audits component
Bibliography
ISO/IEC 19086 Series
ISO/IEC 19086 consists of the following four parts, under the general title Information technology — Cloud computing — Service Level Agreement (SLA) framework:
Part 1: Overview and concepts: focuses on the cloud service agreement and the cloud service level agreement - released September 2016
Part 2: Metric Model: Defines a Metrics Model - under development
Part 3: Core requirements - under development
Part 4: Security & Privacy - under development
ISO/IEC 19086 builds on the cloud computing concepts defined in ISO/IEC 17788 and ISO/IEC 17789. Part 1 establishes a common framework for helping organizations understand the purpose of all parts of ISO/IEC 19086 and the relationships between those parts. It identifies other documents that have relationships with ISO/IEC 19086 and which are useful in understanding cloud SLAs.
ISO/IEC 19086-1, 19086-2 and 19086-3 are being developed by sub-committee 38 (SC 38) of the Joint Technical Committee (JTC 1) of the International Organization for Standardization and the International Electrotechnical Commission. ISO/IEC 19086-4 is being developed by sub-committee 27 (SC 27).