Issue 27 – May 2011
The Cloud Security Alliance (CSA) has announced that it will have a key role in the development of cloud security and privacy Standards under the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The CSA has a Category C liaison relationship with ISO/IEC's Joint Technical Committee (JTC) 1/Sub Committee (SC) 27. Category C liaisons are organisations which make an effective technical contribution and participate actively in the working groups (WG) under SC 27.
'By working closely with ISO in the highly dynamic cloud computing environment, the industry can have confidence that CSA guidance will be enduring, and that they can align with it now,' said CSA chairman of the board Dave Cullinane.
Dr. Walter Fumy, SC 27 Chairman, says, 'ISO/IEC JTC 1/SC 27 is now embarking on the development of a series of Standards that will address the security and privacy issues of cloud computing services. This development is being carried out in collaboration with various standardisation partners including ITU-T and ISO/IEC JTC 1/SC 38 together with CSA. This new cooperation with the CSA adds significant value to this work of ISO/IEC JTC 1/SC 27 as it facilitates an important communication channel for the promotion of cloud computing security Standards amongst the information security community.'
The CSA will initially collaborate with SC 27 on two projects:
- A new work item proposal for cloud security, reinforcing previous work done on the Code of Practice for Information Security Management (ISMS) found in the ISO/IEC 27002 international Standard. The aim is to provide guidelines on information security controls for the use of cloud computing services based on ISMS security controls.
- Information security for supplier relationships part 1. This is a new part under the multi-part Standard, ISO/IEC 27036.
Read the full media release (https://cloudsecurityalliance.org/csa-news/key-initiative-in-development-of-cloud-security-standards-in-partnership-with-isoiec/).
Summarised with permission from a Cloud Security Alliance media release 20 April 2011.
- AS/NZS ISO/IEC 27002:2006 Information technology – Security techniques – Code of practice for information management