ISO_IEC_19086-1_2016.pdf

Information technology Cloud computing Service level agreement(SLA)framework Part 1:Overview and conceptsTechnologies de linformation Informatique en nuage Cadre de travail de laccord du niveau de service Partie 1:Aperu gnral et conceptsINTERNATIONAL STANDARDISO/IEC19086-1Reference numberISO/IEC 19086-1:2016(E)First edition2016-09-15 ISO/IEC 2016 ii ISO/IEC 2016 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016,Published in SwitzerlandAll rights reserved.Unless otherwise specified,no part of this publication may be reproduced or utilized otherwise in any form or by any means,electronic or mechanical,including photocopying,or posting on the internet or an intranet,without prior written permission.Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCh.de Blandonnet 8 CP 401CH-1214 Vernier,Geneva,SwitzerlandTel.+41 22 749 01 11Fax+41 22 749 09 47copyrightiso.orgwww.iso.orgISO/IEC 19086-1:2016(E)ISO/IEC 19086-1:2016(E)Foreword.vIntroduction.vi1 Scope.12 Normative references.13Termsanddefinitions.14 Symbols and abbreviated terms.45 Overview of SLAs for cloud services.56 Relationship between the cloud service agreement and cloud SLAs.67 Cloud SLA management best practices.77.1 General.77.2 Design.77.3 Evaluation and acceptance.77.4 Implementation and execution.87.5 Changes to the cloud SLA.88 The role of cloud service level objectives,cloud service qualitative objectives,metrics,remedies and exceptions in the cloud SLA.88.1 General.88.2 Metrics.88.3 SLOs and SQOs.98.3.1 Service levels.98.3.2 Cloud service level objectives.98.3.3 Cloud service qualitative objectives.98.4 Remedies and claims.108.4.1 Remedies.108.4.2 Claims process.108.5 Exceptions.109 Cloud SLA components.109.1 General.109.2 Covered services component.109.2.1 Description.109.2.2 Relevance.119.3 Cloud SLA definitions component.119.3.1 Description.119.3.2 Relevance.119.4 Service monitoring component.119.4.1 Description.119.4.2 Relevance.119.4.3 Cloud service qualitative objectives.119.5 Roles and responsibilities component.119.5.1 Description.119.5.2 Relevance.1210 Cloud SLA content areas and their components.1210.1 General.1210.2 Accessibility content area.1210.2.1 Accessibility component.1210.3 Availability content area.1310.3.1 Availability component.1310.4 Cloud service performance content area.1310.4.1 General.1310.4.2 Cloud service response time component.13 ISO/IEC 2016 All rights reserved iiiContents Page ISO/IEC 19086-1:2016(E)10.4.3 Cloud service capacity component.1410.4.4 Elasticity component.1510.5 Protection of personally identifiable information(PII)content area.1610.5.1 Protection of PII component.1610.6 Information Security content area.1710.6.1 Information Security component.1710.7 Termination of service content area.1810.7.1 Termination of service component.1810.8 Cloud service support content area.1910.8.1 Cloud service support component.1910.9 Governance content area.2110.9.1 Governance component.2110.10 Changes to the cloud service features and functionality content area.2210.10.1 Changes to the cloud service features and functionality component.2210.11 Service reliability content area.2310.11.1 General.2310.11.2 Service resilience/fault tolerance component.2310.11.3 Customer data backup and restore component.2410.11.4 Disaster recovery component.2510.12 Data management content area.2610.12.1 General.2610.12.2 Intellectual property rights(IPR)component.2710.12.3 Cloud service customer data component.2710.12.4 Cloud service provider data component.2810.12.5 Account data component.2810.12.6 Derived Data component.2810.12.7 Data portability component.2910.12.8 Data deletion component.2910.12.9 Data location component.3010.12.10.Data examination component.3110.12.11.Law enforcement access component.3110.13 Attestations,certifications and audits content area.3110.13.1 Attestations,certifications and audits component.31Bibliography.33iv ISO/IEC 2016 All rights reserved ISO/IEC 19086-1:2016(E)ForewordISO(the International Organization for Standardization)and IEC(the International Electrotechnical Commission)form the specialized system for worldwide standardization.National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity.ISO and IEC technical committees collaborate in fields of mutual interest.Other international organizations,governmental and non-governmental,in liaison with ISO and IEC,also take part in the work.In the field of information technology,ISO and IEC have established a joint technical committee,ISO/IEC JTC 1.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives,Part 1.In particular the different approval criteria needed for the different types of document should be noted.This docume