Cloud computing and distributed platforms. Data flow, data categories and data use. Fundamentals

Scope

What is ISO/IEC 19944‑1 about?

ISO/IEC 19944‑1 is the first part of the multi-series standard that extends the existing cloud computing vocabulary and reference architecture in ISO/IEC 17788 and ISO/IEC 17789 to describe an ecosystem involving devices using cloud services.

ISO/IEC 19944‑1 describes the various types of data flowing within the devices and cloud computing ecosystem.

ISO/IEC 19944‑1 describes the impact of connected devices on the data that flow within the cloud computing ecosystem.

ISO/IEC 19944‑1 describes flows of data between cloud services, cloud service customers and cloud service users.

ISO/IEC 19944‑1 provides foundational concepts, including a data taxonomy, and

ISO/IEC 19944‑1 identifies the categories of data that flow across the cloud service customer devices and cloud services.

ISO/IEC 19944‑1 is applicable primarily to cloud service providers, cloud service customers and cloud service users, but also to any person or organization involved in legal, policy, technical or other implications of data flows between devices and cloud services.

Who is ISO/IEC 19944‑1 for?

ISO/IEC 19944‑1 on Cloud computing and distributed platforms is useful for:

• Cloud computing companies
• Finance companies
• Network companies
• Content writing companies

Why should you use ISO/IEC 19944‑1?

ISO/IEC 19944‑1 provides a description of the ecosystem of devices and cloud services and the related flows of data between cloud services, cloud service customers, cloud service users and their devices. These are necessary to provide guidance about?

how data are used on the devices in the context of the cloud computing ecosystem and the associated location and identity issues that emerge from such use.

ISO/IEC 19944‑1 proposes a scheme for the structure of data use statements that can be used by cloud service providers to help cloud service customers understand and protect the privacy and confidentiality of their data and their users’ data through increased transparency of policies and practices.

ISO/IEC 19944‑1 used in several ways including, but not limited to:

• By cloud service providers and application developers to guide them in describing what they intend to do with data in their designs, so as to simplify privacy and data use reviews and to communicate this information to non-technical departments such as internal compliance, marketing and legal teams
• By organizations drawing up data use statements as part of drafting cloud service agreements and application contracts, privacy statements, etc., which could apply to documents internal to an organization, in addition to public or legal documents
• By government regulators and agencies to advise on suitable ways of describing data flow and use
• By those preparing information on data flow and data used for communication to the press and the public

ISO/IEC 19944‑1 provides a set of concepts and definitions, including a data taxonomy and data use statement structure, that can be used for transparency about?

how data are used in an ecosystem of devices and cloud services.

ISO/IEC 19944‑1 aims to improve the understanding of the data flows that take place in an ecosystem consisting of devices accessing cloud services. ISO/IEC 19944‑1 does this through an extended cloud computing reference architecture (CCRA) (based on the architecture described in ISO/IEC 17789) that describes the impact of devices on cloud service ecosystems and the impact of cloud services on devices. ISO/IEC 19944‑1 also describes the data flows that take place within the extended reference architecture.

© BSI 2022 All rights reserved

External Links