ISO/IEC TR 23187:2020 情報技術—クラウドコンピューティング—クラウドサービスパートナー（CSN）とのやり取り | ページ 2

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives ).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents ) or the IEC list of patent declarations received (see http://patents.iec.ch ).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html .

This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 38, Cloud computing and distributed platforms.

Introduction

The purpose of this document is to expand on the understanding of the interactions between cloud service partners (CSNs) and cloud service customers (CSCs), and between CSNs and cloud service providers (CSPs).

Cloud computing offers solutions to many emerging technologies and it offers many benefits to all cloud service users (CSUs) and CSCs. The broader requirement for cloud computing solutions is to ensure organizations have the best capabilities to fulfil their business missions. This has helped to drive the adoption of cloud services and the marketplace is adjusting to the increasing demands.

In finding and applying appropriate solutions and leveraging the many benefits of using cloud services, many CSCs use multiple CSPs and various deployment models. In using, sharing, and assessing data, an understanding and clarification of roles, activities and responsibilities will help to maintain the security, privacy, confidentiality and integrity of cloud services.

Interactions of CSCs and CSPs with the various CSNs have caused a degree of concern and confusion in the cloud service marketplace. In some cases, causing harm to CSCs through inappropriate security controls and the lack of proper cloud service agreements relating to the cloud services being used. This is in part caused by an inadequate understanding of the relationships involved and by the lack of standards which might apply to those relationships.

Interactions between CSCs and CSPs have been described in detail in standards documents – ISO/IEC 17789, ISO 19011, ISO/IEC 19941, ISO/IEC 27017, ISO/IEC 27018 and the ISO/IEC 19086 series. Interactions of CSNs, a key role in the cloud service environment, with CSCs and CSPs have not been described in similar detail. This document provides further clarity about those interactions.

This document provides clarification of the concepts provided in ISO/IEC 17788, ISO/IEC 17789, the ISO/IEC 19086 series, and ISO/IEC 19941 regarding CSNs, and CSN interactions with CSCs and CSPs with the help of a few exemplary market scenarios. Building on an expanded description of sub-roles and activities, this document provides guidance on using cloud service agreements (CSAs) and cloud service level agreements (cloud SLAs) to provide more clarity for CSN interactions.

1 Scope

This document provides an overview of and guidance on interactions between cloud service partners (CSNs), specifically cloud service brokers, cloud service developers and cloud auditors, and other cloud service roles. In addition, this document describes how cloud service agreements (CSAs) and cloud service level agreements (cloud SLAs) can be used to address those interactions, including the following:

• definition of terms and concepts, and provision of an overview for interactions between CSNs and CSCs and CSPs;
• description of types of CSN interactions;
• description of interactions between CSNs and CSCs;
• description of interactions between CSNs and CSPs;
• description of elements of CSAs and Cloud SLAs for CSN interactions, both with CSPs and with CSCs.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086-1, and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

Bibliography