Information technology — Cloud computing — Taxonomy based data handling for cloud services (Adopted ISO/IEC 22624:2020, first edition, 2020-02)
Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).
For brevity, this Standard will be referred to as CSA ISO/IEC 22624 throughout.
At the time of publication, ISO/IEC 22624:2020 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC.
This Standard has been formally approved, without modification, by the Technical Committee and has been developed in compliance with Standards Council of Canada requirements for National Standards of Canada. It has been published as a National Standard of Canada by CSA Group.
- describes a framework for the structured expression of data-related policies and practices in the cloud computing environment, based on the data taxonomy in ISO/IEC 19944;
- provides guidelines on application of the taxonomy for handling of data based on data subcategory and classification;
- covers expression of data-related policies and practices including, but not limited to data geolocation, cross border flow of data, data access and data portability, data use, data management, and data governance;
- describes how the framework can be used in codes of conduct for practices regarding data at rest and in transit, including cross border data transfer, as well as remote access to data;
- provides use cases for data handling challenges, i.e. control, access and location of data according to ISO/IEC 19944 data categories.
This document is applicable primarily to cloud service providers, cloud service customers (CSCs) and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of taxonomy-based data management in cloud services.