ISO/IEC NP 27018 Code of practice for data protection controls for public cloud computing services

This standard will provide guidance on the privacy elements/aspects of cloud computing. It will be accompanied by ISO/IEC 27017 covering the wider information security angles.

The standard is not intended to duplicate or modify ISO/IEC 27002 in relation to cloud but will presumably add control objectives and controls relevant to the protection of privacy and personal data in the cloud.

The project has widespread support from national bodies plus the Cloud Security Alliance.

Status of the standard

Work in progress. Drafting is likely to take a year or two, with publication possible in 2013