ISO/IEC 27018 — Information technology — Security techniques — Code of practice for data protection controls for public cloud computing services (DRAFT)
This standard will provide guidance on the privacy elements/aspects of public clouds. It will be accompanied by ISO/IEC 27017 covering the wider information security angles.
The standard is not intended to duplicate or modify ISO/IEC 27002 in relation to cloud computing but will presumably add control objectives and controls relevant to the protection of privacy and personal data in the cloud.
The project has widespread support from national bodies plus the Cloud Security Alliance.
The first Working Draft of this standard is similar in style to ISO/IEC 27015 (the information security management guidelines for financial services) in that it builds on ISO/IEC 27002, expanding on its advice in particular areas.
Status of the standard
The 1st WD is available to members of SC27 for review and contributions.
Publication is possible in 2013, especially if it turns out that the revised version of ISO/IEC 27002 covers most of the applicable security controls adequately without further elaboration.