ISO/IEC 27018 — Information technology — Security techniques — Privacy in cloud computing (early DRAFT)
This standard will provide guidance on the privacy elements/aspects of cloud computing. It will be accompanied by ISO/IEC 27017 covering the wider information security angles.
The standard is not intended to duplicate or modify ISO/IEC 27002 in relation to cloud but will presumably add control objectives and controls relevant to the protection of privacy and personal data in the cloud.
The project has widespread support from national bodies plus the Cloud Security Alliance.
Latest available status info
Work in progress. Drafting is likely to take a year or two, with publication possible in 2013.
|
