Making Cloud SLAs readily usable in the EU private sector

ISO/IEC 19086 Part 4 – Security and Privacy

The contribution of SLA-Ready to ISO/IEC WD 19086-4 referred to the Security and Protection of Personally Identifiable Information components. While SLA-Ready contributed to the inclusion of Service Quantitative Objectives (SQOs) into the conceptual model in ISO/IEC 19086-2, it also provided a major contribution related to validating the proposed model with respect to the security and privacy metrics being documented in ISO/IEC 19086-4.

The validation took place by specifying one privacy and one security metric with the proposed model, along with the respective machine-readable versions. While the comments on the guidance on SLOs and SQOs as well as the comments on the security components and privacy commitments were not yet addressed, extensive changes were applied to clause 7 on Security Components and to clause 8 on Security and Protection of Personally Identifiable Information Components. The documented contribution can be seen in Annex 2 of this deliverable.