ISO IEC 22624:2020 pdf free
ISO IEC 22624:2020 pdf free.Information technology一Cloud computing一Taxonomy based data handling for cloud services
In order to define application specific data handling policies and practices, these elements need to be applied to the application domain at hand. This includes data classifications with regards to security or risk levels that apply to data, as well as technical and organisational qualifications of data.Hence, the approach described in this document requires the considerations of data categories as described in ISO/IEC 19944 as well as orthogonal information dependent on the concrete application under consideration. Examples which are used to explain this approach therefore employ a tabular representation format emphasizing the orthogonal character of generic data categorization (rows) and application specific elements (columns). Therefore, for a person who is concerned with the development of, for example, enterprise policies for data use by a set of cloud services, all relevant cases which need to be considered are visible.
Implicitly, ISO/IEC 19944 focuses on personal data and PII, and does not explicitly cover non-personal data, or mixed sets of data that contain both PII and non-personal data. Non-personal data is defined as any data that is not personal and is not covered under PII, e.g. scientific data, sales data. Mixed data sets contain both PII and non-personal data such as human resource data that contains both organizational structures and personal employee data. It is important to recognize these different sets as different policies and regulations could apply to each. For example, the EU GDPR[2] regulates aspects of PII and the free-flow of non-personal data regulation[10] sets policies concerning the geo-location and movement of non-personal data. In line with ISO/IEC 19944, this document focuses on PII and does not delve deeper into aspects explicitly related to non-personal or mixed sets of data.Moreover, this document does not stipulate any specific format or syntax to be used to express policies and practices related to a categorization of data. Although tables are frequently employed throughout this document to illustrate the usage of the framework, the use of tabular formats is not normative or mandatory but serves for the presentation of examples only.ISO IEC 22624 pdf free download.