iTeh Standards logo
EURUSD
Your shopping cart is empty.
SIST

oSIST prEN ISO 22123-3:2026

(Main)

Information technology - Cloud computing - Part 3: Reference architecture (ISO/IEC 22123-3:2023)

Information technology - Cloud computing - Part 3: Reference architecture (ISO/IEC 22123-3:2023)

This document specifies the cloud computing reference architecture (CCRA).

Informationstechnik - Cloud Computing - Teil 3: Referenzarchitektur (ISO/IEC 22123-3:2023)

Technologies de l'information - Informatique en nuage - Partie 3: Architecture de référence (ISO/IEC 22123-3:2023)

Informacijska tehnologija - Računalništvo v oblaku - 3. del: Referenčna arhitektura (ISO/IEC 22123-3:2023)

General Information

Status
Not Published
Public Enquiry End Date
28-Feb-2026
ICS
35.210 - Cloud computing
Technical Committee
I11 - Imaginarni 11
Current Stage
4020 - Public enquire (PE) (Adopted Project)
Start Date
17-Dec-2025
Due Date
06-May-2026
Ref Project
prEN ISO 22123-3 - Information technology - Cloud computing - Part 3: Reference architecture (ISO/IEC 22123-3:2023)
oSIST prEN ISO 22123-3:2026oSIST prEN ISO 22123-3:2026
PreviousNext
Draft
oSIST prEN ISO 22123-3:2026
English language
64 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-februar-2026
Informacijska tehnologija - Računalništvo v oblaku - 3. del: Referenčna arhitektura
(ISO/IEC 22123-3:2023)
Information technology - Cloud computing - Part 3: Reference architecture (ISO/IEC
22123-3:2023)
Informationstechnik - Cloud Computing - Teil 3: Referenzarchitektur (ISO/IEC 22123-
3:2023)
Technologies de l'information - Informatique en nuage - Partie 3: Architecture de
référence (ISO/IEC 22123-3:2023)
Ta slovenski standard je istoveten z: prEN ISO 22123-3
ICS:
35.210 Računalništvo v oblaku Cloud computing
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

INTERNATIONAL ISO/IEC
STANDARD 22123-3
First edition
2023-09
Information technology — Cloud
computing —
Part 3:
Reference architecture
Technologies de l'information — Informatique en nuage —
Partie 3: Architecture de référence
Reference number
ISO/IEC 22123-3:2023(E)
© ISO/IEC 2023
ISO/IEC 22123-3:2023(E)
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Contents Page
Foreword .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms related to security and privacy . 1
3.2 Terms relating to architecture . 1
4 Symbols and abbreviated terms.2
5 Conventions . 2
6 Cloud computing reference architecture goals and objectives . 2
7 CCRA viewpoints . 3
7.1 General . 3
7.2 CCRA architectural views . 3
7.3 User view of cloud computing . 5
7.3.1 General . 5
7.3.2 Cloud computing activities . 6
7.3.3 Parties . 6
7.3.4 Roles and sub-roles . 6
7.3.5 Cloud services . 7
7.3.6 Cloud deployment models . 7
7.3.7 Cloud computing cross-cutting aspects . 8
7.4 Functional view of cloud computing . 8
7.4.1 General . 8
7.4.2 Functional components . 9
7.4.3 Functional layers . 9
7.4.4 Multi-layer functions . 9
7.5 Relationship between the user view and the functional view . 10
7.6 Relationship of the user view and functional view to cross-cutting aspects . 10
7.7 Implementation view of cloud computing . 10
7.8 Deployment view of cloud computing . 11
8 User view .11
8.1 Cloud computing roles and sub-roles . 11
8.1.1 General . 11
8.1.2 Cloud service customer role .12
8.1.3 Cloud service provider role . 14
8.1.4 Cloud service partner role . 17
8.2 Cloud computing activities . 19
8.2.1 General . 19
8.2.2 Activities associated with the CSC role . 19
8.2.3 Activities associated with the CSP role . 22
8.2.4 Activities associated with the CSN role .28
8.3 Cross-cutting aspects .29
8.3.1 General .29
8.3.2 Auditability. 30
8.3.3 Governance .30
8.3.4 Interoperability . 30
8.3.5 Maintenance and versioning .30
8.3.6 Performance . 31
8.3.7 Portability . 31
8.3.8 Protection of Personally Identifiable Information . 32
8.3.9 Reversibility . 32
8.3.10 Security . . . 32
8.3.11 Service levels and service level agreements .34
iii
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
9 Functional view .35
9.1 Functional architecture. 35
9.1.1 General . 35
9.1.2 Layering framework . . 35
9.2 Functional components . 37
9.2.1 General . 37
9.2.2 User layer functional components .38
9.2.3 Access layer functional components.38
9.2.4 Service layer functional components .39
9.2.5 Resource layer functional components .40
9.2.6 Multi-layer functions . 41
10 Relationship between the user view and the functional view .47
10.1 General . 47
10.2 Overview .48
10.2.1 Service capabilities functional component .48
10.2.2 Common roles, activities and functional components .48
10.2.3 Multi-tenancy and isolation .49
Annex A (informative) Further details regarding the user view and functional view .50
Bibliography .59
iv
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of
any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC
had not received notice of (a) patent(s) which may be required to implement this document. However,
implementers are cautioned that this may not represent the latest information, which may be obtained
from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall
not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 38, Cloud computing and distributed platforms.
This first edition of ISO/IEC 22123-3 cancels and replaces ISO/IEC 17789:2014, which has been
technically revised.
The main changes are as follows:
— added differentiation between cloud computing parties and role;
— Figures 13, 14, and 15 were removed.
A list of all parts in the ISO/IEC 22123 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
v
© ISO/IEC 2023 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 22123-3:2023(E)
Information technology — Cloud computing —
Part 3:
Reference architecture
1 Scope
This document specifies the cloud computing reference architecture (CCRA).
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 22123-1, Information technology — Cloud computing — Part 1: Vocabulary
ISO/IEC 22123-2, Information technology — Cloud computing — Concepts
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 22123-1 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1 Terms related to security and privacy
3.1.1
personally identifiable information
PII
any information that (a) can be used to establish a link between the information and the natural person
to whom such information relates, or (b) is or can be directly or indirectly linked to a natural person
Note 1 to entry: The “natural person” in the definition is the PII principal. To determine whether a PII principal
is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder
holding the data, or by any other party, to establish the link between the set of PII and the natural person.
[SOURCE: ISO/IEC 29100:2011/Amd.1:2018, 2.9]
3.2 Terms relating to architecture
3.2.1
architecture
fundamental concepts or properties of a system in its environment embodied in its elements,
relationships, and in the principles of its design and evolution
[SOURCE: ISO/IEC/IEEE 42010:2011, 3.2]
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
4 Symbols and abbreviated terms
For the purposes of this document, the symbols and abbreviated terms given in ISO/IEC 22123-2 and
the following apply.
CCRA cloud computing reference architecture
KPI key performance indicator
MSA master service agreement
OSS operational support systems
QoS quality of service
ToS terms of service
VLAN virtual local area network
5 Conventions
The following conventions apply:
1) Diagrams are used throughout this document to help illustrate the cloud computing reference
architecture (CCRA). Figure 1 provides the conventions in the diagrams.
NOTE In Figure 1, “Aspect” is to be understood as referring to “Cross-cutting aspect”.
Figure 1 — Conventions for CCRA diagrams
2) This CCRA uses the term ICT (information and communication technology as defined in
ISO/IEC/IEEE 24765:2017, 3.1853) and ICT systems. ICT is used to make it clear that the CCRA
covers not only the compute and storage technologies associated with computer systems, but also
the communications networks that link systems together.
6 Cloud computing reference architecture goals and objectives
Cloud computing is a paradigm for enabling network access to a scalable and elastic pool of shareable
physical or virtual resources with self-service provisioning and administration on-demand (see
ISO/IEC 22123-1).
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
The CCRA presented in this document provides an architectural framework that is effective for
describing the cloud computing roles, sub-roles, cloud computing activities, cross-cutting aspects, as
well as the functional architecture and functional components of cloud computing.
The CCRA serves the following goals:
— to describe the community of stakeholders for cloud computing;
— to describe the fundamental characteristics of cloud computing systems;
— to specify basic cloud computing activities and functional components, and describe their
relationships to each other and to the environment;
— to identify principles guiding the design and evolution of the CCRA.
The CCRA supports the following important standardization objectives:
— to enable the production of a coherent set of international standards for cloud computing;
— to provide a technology-neutral reference point for defining standards for cloud computing;
— to encourage openness and transparency in the identification of cloud computing benefits and risks.
The CCRA focuses on the requirements of “what” cloud services provide and not on “how to” design
cloud-based solutions and implementations. The CCRA does not represent the system architecture of a
specific cloud computing system, although it can put constraints on a specific system. The CCRA does
not define prescriptive solutions and is not tied to any specific vendor products, services or reference
implementation.
The CCRA is also intended to:
— facilitate the understanding of the operational intricacies of cloud computing;
— illustrate and provide understanding of various cloud services and their provisioning and use;
— provide a technical reference to enable the international community to understand, discuss,
categorize and compare cloud services;
— be a tool for describing, discussing, and developing a system-specific architecture using a common
framework of reference;
— facilitate the analysis of candidate standards in areas including security, interoperability,
portability, reversibility, reliability and service management, and support analysis of reference
implementations.
7 CCRA viewpoints
7.1 General
This document defines a CCRA that can serve as a fundamental reference point for cloud computing
standardization and which provides an overall framework for the basic concepts and principles of a
cloud computing system.
This clause provides an overview of the architectural approaches that are used in this document. The
cloud computing paradigm is composed of key characteristics, cloud computing roles and activities,
cloud capabilities types and cloud service categories, cloud deployment models, and cloud computing
cross cutting aspects.
7.2 CCRA architectural views
Cloud computing systems can be described using a viewpoint approach.
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Four distinct viewpoints are used in the CCRA (see Figure 2):
— user view;
— functional view;
— implementation view;
— deployment view.
Figure 2 — Cloud computing architectural viewpoints
Table 1 provides a description of each of these views.
Table 1 — CCRA views
CCRA view Description of the CCRA view Scope
User view The system context, the parties, the roles, the Within scope
sub-roles and the cloud computing activities
Functional view The functions necessary for the support of Within scope
cloud computing activities
Implementation view The functions necessary for the implemen- Out of scope
tation of a cloud service within service parts
and/or infrastructure parts
Deployment view How the functions of a cloud service are tech- Out of scope
nically implemented within already-existing
infrastructure elements or within new ele-
ments to be introduced in this infrastructure
NOTE While details of the user view and functional view are addressed within this document, the
implementation and deployment views are related to technology and vendor specific cloud computing
implementations and actual deployments and are therefore out of scope of this document.
Figure 3 shows the transition from the user view to the functional view. Details are presented in 7.5.
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Figure 3 — Transition from user view to functional view
7.3 User view of cloud computing
7.3.1 General
The user view addresses the following cloud computing concepts:
— parties;
— roles and sub-roles;
— cloud computing activities;
— cloud services;
— cloud deployment models;
— cross-cutting aspects.
Figure 4 illustrates the relationships among parties, roles and sub-roles and their relationship to
activities and cross-cutting aspects.
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Figure 4 — User view entities
7.3.2 Cloud computing activities
ISO/IEC 22123-1 defines a cloud computing activity as a specified pursuit or set of tasks.
Cloud computing activities have a purpose and deliver one or more outcomes.
Activities in a cloud computing system are conducted using functional components (see 7.4.2).
Cloud computing activities are identified and described in more detail in 8.3.
7.3.3 Parties
ISO/IEC 22123-1 defines a party as a natural person or legal person, whether or not incorporated, or a
group of either. Parties in a cloud computing system are its stakeholders. ISO/IEC 22123-2 identifies the
following major parties of cloud computing:
— Cloud service customer (CSC)
— Cloud service partner (CSN)
— Cloud service provider (CSP)
ISO/IEC 22123-2 further describes that these parties are entities that play roles (and sub-roles). A
party can play more than one role at any given point in time and can only engage in a specific subset of
activities of that role.
7.3.4 Roles and sub-roles
ISO/IEC 22123-1 defines a role as a set of cloud computing activities that serves a common purpose.
ISO/IEC 22123-2 identifies the following as the major cloud computing roles:
— cloud service customer role (CSC role);
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
— cloud service provider role (CSP role);
— cloud service partner role (CSN role).
A sub-role is a sub-set of the cloud computing activities for a given role.
Different sub-roles can share the cloud computing activities associated with a given role.
Descriptions of the cloud computing roles are provided in 8.1.
7.3.5 Cloud services
Cloud services are the essential elements of a cloud computing system. Cloud services are covered in
ISO/IEC 22123-2.
Cloud services can be described in terms of the cloud capabilities types which they offer, based on the
resources provided by the cloud service. The CCRA focuses on the following cloud capabilities types:
— application capabilities type;
— platform capabilities type;
— infrastructure capabilities type.
Cloud capabilities types are described in ISO/IEC 22123-2:2023, 5.3.
Cloud services are also grouped into categories, where each category is a group of cloud services that
possess some common set of qualities. Representative cloud service categories include:
— infrastructure as a services (IaaS);
— platform as a service (PaaS);
— software as a service (SaaS);
— network as a service (NaaS).
The services in these categories can include capabilities from one or more of the cloud capabilities types
above.
Other cloud service categories are described in ISO/IEC 22123-2:2023, 5.4 and Annex A.
7.3.6 Cloud deployment models
Cloud deployment models are defined in ISO/IEC 22123-1 and described in ISO/IEC 22123-2:2023, 5.5.
Cloud deployment models are a way in which cloud computing systems can be organized based on the
control and sharing of physical or virtual resources.
The CCRA focuses on the following cloud deployment models:
— public cloud;
— private cloud;
— community cloud;
— hybrid cloud.
NOTE Additional cloud deployment models include multi-cloud and federated cloud. See ISO/IEC 5140 for
additional details.
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
7.3.7 Cloud computing cross-cutting aspects
Cross-cutting aspects are behaviours or capabilities which need to be coordinated across roles and
implemented consistently in a cloud computing system.
Cross-cutting aspects can be shared and can impact multiple roles, cloud computing activities and
functional components.
Cross-cutting aspects apply to multiple individual roles or functional components.
Cross-cutting aspects of cloud computing described in ISO/IEC 22123-2:2023, Clause 7 include:
— auditability;
— availability;
— governance;
— interoperability;
— maintenance and versioning;
— performance;
— portability;
— protection of personally identifiable information;
— regulatory;
— resiliency;
— reversibility;
— security;
— service levels and service level agreements.
7.4 Functional view of cloud computing
7.4.1 General
The functional view is a technology neutral view of the functions necessary to form a cloud computing
system. The functional view describes the distribution of functions necessary for the support of cloud
computing activities.
The functional architecture also defines the dependencies among the functional components.
The functional view addresses the following cloud computing items:
— functional layers;
— functions;
— functional components;
— multi-layer functional components.
For the purposes of this document, the term “functional component” is used to represent a set of one or
more functions.
Figure 5 illustrates the concepts of functions, layers and functional components.
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Figure 5 — Functional layering
The cloud computing functional architecture is described in subclause 9.1.
7.4.2 Functional components
ISO/IEC 22123-1 defines a functional component as a functional building block needed to engage in an
activity, backed by an implementation.
The capabilities of a cloud computing system are fully defined by the set of implemented functional
components.
Functional components are further described in subclause 9.2.
7.4.3 Functional layers
A layer is a set of functional components that provide similar capabilities or serve a common purpose.
The functional architecture is partially layered (i.e. has layers and a set of multi-layer functions).
There are four distinct layers defined in the CCRA:
— user layer, which includes functional components that support the cloud computing activities of
CSCs and CSNs;
— access layer, which includes functional components that facilitate function distribution and
interconnection;
— service layer, which includes functional components that provide the cloud services themselves plus
related administration and business capabilities, and the orchestration capabilities necessary to
realize them;
— resource layer, which includes the functional components that represent the resources needed to
implement the cloud computing system.
Not all layers or functional components are necessarily instantiated in a specific cloud computing
system.
7.4.4 Multi-layer functions
The multi-layer functions include functional components that provide capabilities that are used across
multiple functional layers
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Multi-layer functional components can be classified on the basis of their purpose:
— development support;
— integration;
— security systems;
— operational support systems;
— business support systems.
Functional components of the multi-layer functions are described in clause 9.2.6.
7.5 Relationship between the user view and the functional view
Figure 6 illustrates how the user view provides the set of cloud computing activities that are represented
within the functional view (and realized using the technologies of the implementation view).
Figure 6 — From user view to functional view
Further details on the relationship between the user view and functional view can be found in clause 10.
7.6 Relationship of the user view and functional view to cross-cutting aspects
Cross-cutting aspects, as their name implies, apply across both the user view and across the functional
view of cloud computing.
Cross-cutting aspects apply to roles and sub-roles in the user view and directly or indirectly affect the
activities which those roles perform.
Cross-cutting aspects also apply to the functional components within the functional view, which are
used when performing the activities described in the user view.
Clause 8.2 provides additional information on cross-cutting aspects.
7.7 Implementation view of cloud computing
While details of the user view and functional view are addressed within this document, the
implementation view is out of the scope of this document.
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
7.8 Deployment view of cloud computing
While details of the user view and functional view are addressed within this document, the deployment
view is out of the scope of this document.
8 User view
8.1 Cloud computing roles and sub-roles
8.1.1 General
It is often necessary to differentiate requirements and issues for the following major cloud computing
parties: CSC, CSP, and CSN.
When playing a role, the party can restrict itself to playing one or more sub-roles. Sub-roles are a subset
of the cloud computing activities of a given role.
In addition to the CSC role, CSP role, and CSN role (see 7.3.4), ISO/IEC 22123-2 identifies a set of sub-
roles for each and uses a naming convention in which the name of a sub-role has the prefix of “CSC:” for
CSC sub-roles, “CSN:” for CSN sub-roles, or “CSP:” for CSP sub-roles and then the sub-role name. Table 2
shows the prefix for each of the three cloud computing roles.
Table 2 — Cloud computing sub-roles
Role Sub-role prefix Example
CSC role “CSC:” CSC: cloud service admin-
istrator
CSP role “CSP:” CSP: network provider
CSN role “CSN:” C S N: c loud aud i t or
Roles and sub-roles are sets of activities (see 8.2).
Figure 7 shows the roles of cloud computing, with their associated sub-roles.
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Figure 7 — Roles and sub-roles
Additional information is provided on the CSC role in 8.1.2, the CSP role in 8.1.3, and the CSN role in
8.1.4.
8.1.2 Cloud service customer role
8.1.2.1 General
ISO/IEC 22123-1 defines a CSC as a party that is acting in the cloud service customer role (CSC role).
The CSC is in a business relationship with a CSP or a CSN for the purpose of using cloud services. The
CSC role can include ensuring the smooth operation of the cloud services, acquisition and use of cloud
services, and integration of cloud services with a CSC’s existing ICT systems.
Figure 8 shows the common sub-roles for the CSC role as well as the associated activities; the activities
listed are not exhaustive.
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Figure 8 — Sub-roles and activities for the CSC role
8.1.2.2 CSC: cloud service user
The CSC: cloud service user is a sub-role of the CSC role which is associated with a CSC that uses cloud
services.
The CSC: cloud service user's cloud computing activities include: use cloud service (8.2.2.1).
8.1.2.3 CSC: cloud service administrator
The CSC: cloud service administrator is a sub-role of the CSC role which has a main goal of ensuring
the effective use of cloud services and that those cloud services are running well with the customer’s
existing ICT systems and applications. The CSC: cloud service administrator oversees all the operational
processes relating to the use of cloud services and acts as the focal point for technical communications
between the CSC and one or more CSPs.
The CSC: cloud service administrator’s cloud computing activities include:
— perform service trial (8.2.2.2);
— monitor service (8.2.2.3);
— administer service security (8.2.2.4);
— handle problem reports (8.2.2.5);
— provide billing and usage reports (8.2.2.6);
— administer tenancies (8.2.2.7).
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
8.1.2.4 CSC: cloud service business manager
The CSC: cloud service business manager is a sub-role of the CSC role which aims to meet the business
goals of the CSC through the acquisition and use of cloud services in a cost efficient way. The CSC: cloud
service business manager is concerned with financial and legal aspects of the use of cloud services. This
includes approval to operate as well as on-going ownership of, and accountability for, meeting business
goals.
The CSC: cloud service business manager's cloud computing activities include:
— perform business administration (8.2.2.8);
— select and purchase cloud service (8.2.2.9);
— request audit report (8.2.2.10).
8.1.2.5 CSC: cloud service integrator
The CSC: cloud service integrator is a sub-role of the CSC role that supports integration of cloud services
with a CSC’s ICT systems, including applications, functions and data.
The CSC: cloud service integrator's cloud computing activities include: connect ICT systems to cloud
services (8.2.2.11).
8.1.3 Cloud service provider role
8.1.3.1 General
ISO/IEC 22123-1 defines a CSP as a party that is acting in the cloud service provider role (CSP role). The
CSP is in a business relationship with a CSC or a CSN for the purpose of providing cloud services.
The CSP role is a set of activities that make cloud services available. The CSP role focuses on activities
necessary to provide a cloud service and activities necessary to ensure its delivery to the CSC as well
as cloud service maintenance. The CSP role includes an extensive set of activities including. providing
services, deploying and monitoring services, managing business plans, providing audit data, etc.
Specific descriptions of sub-roles for CSP role and associated activities are described in 8.1.3.2 through
8.1.3.9.
Figure 9 shows the common sub-roles for the CSP role as well as the associated activities; the activities
listed are not exhaustive.
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
Figure 9 — Sub-roles and activities for the CSP role
8.1.3.2 CSP: cloud service operations manager
The CSP: cloud service operations manager is a sub-role of the CSP role which is responsible for
performing all operational processes and procedures of the CSP, ensuring that all services and
associated infrastructure meet operational targets.
The CSP: cloud operations manager's cloud computing activities include:
— prepare systems (8.2.3.1);
— monitor and administer services (8.2.3.2);
— manage assets and inventory (8.2.3.3);
— provide audit data (8.2.3.4).
8.1.3.3 CSP: cloud service deployment manager
The CSP: cloud service deployment manager is a sub-role of the CSP role which has responsibility for
the planning of the deployment of a service into production. This includes defining the operational
environment for the service, the initial steps for deployment of the service and its dependencies, and
the enablement of operations processes which are used during the running of the service.
The CSP: cloud service deployment manager’s cloud computing activities include:
— define environment and processes (8.2.3.5);
— define and gather metrics (8.2.3.6);
© ISO/IEC 2023 – All rights reserved

ISO/IEC 22123-3:2023(E)
— define deployment steps (8.2.3.7).
8.1.3.4 CSP: cloud service manager
The CSP: cloud service manager is a sub-role of the CSP role which has responsibility for ensuring that
the CSP's services are available for use by CSCs, and that they function correctly and comply with targets
specified in the service level agreement. The CSP: cloud service manager is also responsible for ensuring
the smooth operation of the CSP's business support system and operational support system, as well as
the operation of the other functionalities offered to the CSCs and CSNs for management, administration
and other cloud computing activities.
The CSP: cloud service manager's cloud computing activities include:
— provide services (8.2.3.8);
— deploy and provision services (8.2.3.9);
— perform service level management (8.2.3.10).
8.1.3.5 CSP: cloud service business manager
The CSP: cloud service business manager is a sub-role of the CSP role which has overall responsibility
for the business aspects of offering cloud services to CSCs. The CSP: cloud service business manager
creates and tracks the business plan, defines the service offering strategy and manages the business
relationship with CSCs.
The CSP: cloud service business manager's cloud computing activities include:
— manage business plan to provide cloud services (8.2.3.11);
— manage customer relationships (8.2.3.12);
— manage financial processing (8.2.3.13).
8.1.3.6 CSP: customer support and care representative
The CSP: customer support and care representative is a sub-role of the CSP role that is the main interface
for the CSC with the CSP and is responsible for reacting to customer issues and queries in a timely and
cost efficient way, with the goal of maintaining customer satisfaction with the cloud service provided
to the CSC.
The CSP: customer support and care representative’s cloud computing activities include: handle
customer requests (8.2.3.14).
8.1.3.7 CSP: primary inter-cloud provider
The CSP:p rimary inter-cloud provider is a sub-role of the CSP role that relies on one or more secondary
CSPs to provide part or all of the cloud services offered to CSCs by that CSP:p rimary inter-cloud
provider. The CSP: primary inter-cloud provider's main activities are the intermediation, aggregation,
or arbitrage of secondary CSPs' cloud services and their business and administration capabilities from
the CSC viewpoint - so that the CSC only uses the service, business and administration interfaces of the
primary cloud service provider.
The CSP:p rimary inter-cloud provider's cloud computing activities in
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

SIST
oSIST prEN ISO 22123-2:2026(Main)
Information technology - Cloud computing - Part 2: Concepts (ISO/IEC 22123-2:2023)
prEN ISO 22123-2

This document specifies concepts used in the field of cloud computing. These concepts expand upon the cloud computing vocabulary defined in ISO/IEC 22123-1 and provide a foundation for other documents that are associated with cloud computing.

  • Draft
    41 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST prEN ISO 22123-1:2026(Main)
Information technology - Cloud computing - Part 1: Vocabulary (ISO/IEC 22123-1:2023)
prEN ISO 22123-1

ISO/IEC 22123-1:2023 defines terms used in the field of cloud computing.

  • Draft
    22 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/CLC/TS 18026:2024(Main)
Three-level approach for a set of cybersecurity requirements for cloud services
CEN/TS 18026:2024

This Technical Specification (TS) provides a set of cybersecurity requirements for cloud services.
This TS is applicable to organizations providing cloud services and their subservice organizations

  • Technical specification
    180 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27017:2021(Main)
Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services (ISO/IEC 27017:2015)
EN ISO/IEC 27017:2021

ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
- additional implementation guidance for relevant controls specified in ISO/IEC 27002;
- additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP ISO/TR 22428-1:2021(Main)
Managing records in cloud computing environments - Part 1: Issues and concerns
ISO/TR 22428-1:2020

This document presents a model for cloud records management and outlines the risks and issues that are considered by records managers before adopting cloud services for records management. The model for cloud records management includes a stakeholder model, processes, metadata, architecture, and use cases. Risks and issues are classified into those originating from cloud services internally and those originating from cloud services externally. Internal risks are associated with cloud services, systems and stakeholders. External risks and issues can occur in the social and legal context in which cloud services operate.
The target audience of this document includes:  
— records, information, knowledge, and governance professionals;  
— cloud service architects;  
— archivists using cloud services for managing records;  
— developers of cloud-deployed records management software;  
— ICT staff; and  
— providers of cloud-based records management services.

  • Technical report
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical report
    24 pages
    English language
    sale 15% off
SIST
SIST EN ISO/IEC 27018:2020(Main)
Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018:2019)
EN ISO/IEC 27018:2020

This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
The guidelines in this document can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations.

  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
oSIST prEN ISO/IEC 27017:2025(Main)
Information security, cybersecurity and privacy protection - Information security controls based on ISO/IEC 27002 for cloud services (ISO/IEC DIS 27017:2025)
prEN ISO/IEC 27017

This document provides guidance for information security controls, based on ISO/IEC 27002, applicable to the provision and use of cloud services.  This document provides:
—  additional guidance for relevant controls specified in ISO/IEC 27002:2022;
—  additional controls with guidance that specifically relate to cloud services.
This document provides controls and guidance for CSCs and CSPs.
 This document applies to all types of cloud deployment models including the private cloud. When applying this document to the private cloud, the controls and guidance of this document are applicable, although adjustments can be necessary to adapt to the relationships and abilities of an organization’s internal departments.”

  • Draft
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 18227:2026(Main)
Automotive fuels - E20 petrol - Requirements and test methods
CEN/TS 18227:2025

This document specifies requirements and test methods for E20 petrol marketed and delivered as such, containing a minimum oxygen content of 3,7 % (m/m) and a maximum of 8,0 % (m/m). The fuel has a maximum of 20,0 % (V/V) ethanol.
It is applicable to fuel for use in spark-ignition petrol-fuelled engines and vehicles.
This document is complementary to EN 228, which describes unleaded petrol containing an oxygen content up to 3,7 % (m/m) and a maximum ethanol content of 10 % (V/V).
NOTE 1   For general petrol engine vehicle warranty, E20 petrol might not be suitable for all vehicles and it is advised that the recommendations of the vehicle manufacturer are consulted before use. E20 petrol might need a validation step to confirm the compatibility of the fuel with the vehicle, which for some existing engines might still be needed.
NOTE 2   For the purposes of this document, the terms “% (m/m)” and “% (V/V)” are used to represent respectively the mass fraction, µ, and the volume fraction, φ.

  • Technical specification
    16 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 80601-2-70:2026(Main)
Medical electrical equipment - Part 2-70: Particular requirements for basic safety and essential performance of sleep apnoea breathing therapy equipment (ISO 80601-2-70:2025)
EN ISO 80601-2-70:2025

This document is applicable to the basic safety and essential performance of sleep apnoea breathing therapy equipment, hereafter referred to as ME equipment, intended to alleviate the symptoms of patients who suffer from obstructive sleep apnoea by delivering a therapeutic breathing pressure to the respiratory tract of the patient. Sleep apnoea breathing therapy equipment is intended for use in the home healthcare environment by lay operators as well as in professional healthcare institutions.
Sleep apnoea breathing therapy equipment is not considered to utilize a physiologic closed-loop-control system unless it uses a physiological patient variable to adjust the therapy settings.
This document excludes sleep apnoea breathing therapy equipment intended for use with neonates.
This document is applicable to ME equipment or an ME system intended for those patients who are not dependent on artificial ventilation. This document is not applicable to ME equipment or an ME system intended for those patients who are dependent on artificial ventilation such as patients with central sleep apnoea.
This document is also applicable to those accessories intended by their manufacturer to be connected to sleep apnoea breathing therapy equipment, where the characteristics of those accessories can affect the basic safety or essential performance of the sleep apnoea breathing therapy equipment.
Masks and application accessories intended for use during sleep apnoea breathing therapy are additionally addressed by ISO 17510. Refer to Figure AA.1 for items covered further under this document.
If a clause or subclause is specifically intended to be applicable to ME equipment only, or to ME systems only, the title and content of that clause or subclause will say so. If that is not the case, the clause or subclause applies both to ME equipment and to ME systems, as relevant.
Hazards inherent in the intended physiological function of ME equipment or ME systems within the scope of this document are not covered by specific requirements in this document except in 7.2.13 and 8.4.1 of the general standard.
NOTE 2        See also 4.2 of the general standard.
This document does not specify the requirements for:
–    ventilators or accessories intended for critical care ventilators for ventilator-dependent patients, which are given in ISO 80601‑2‑12.
–    ventilators or accessories intended for anaesthetic applications, which are given in ISO 80601-2-13.
–    ventilators or accessories intended for home care ventilators for ventilator-dependent patients, which are given in ISO 80601-2-72.
–    ventilators or accessories intended for emergency and transport, which are given in ISO 80601-2-84.
–    ventilators or accessories intended for home-care ventilatory support, which are given in ISO 80601‑2-79 and ISO 80601‑2‑80.
–    high-frequency ventilators[23], which are given in ISO 80601-2-87.
–    respiratory high flow equipment, which are given in ISO 80601‑2‑90;
NOTE 3      ISO 80601-2-80 ventilatory support equipment can incorporate high-flow therapy operational mode, but such a mode is only for spontaneously breathing patients.
–    user-powered resuscitators, which are given in ISO 10651-4;
–    gas-powered emergency resuscitators, which are given in ISO 10651-5;
–    oxygen therapy constant flow ME equipment; and
–    cuirass or “iron-lung” ventilation equipment.

  • Standard
    89 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 15016-2:2023+A1:2026(Main + Amendment)
Railway applications - Technical documents - Part 2: Parts lists
EN 15016-2:2023+A1:2025

This document specifies the preparation and reproduction of design parts. This document defines the basic principles and structure of design parts lists. This document is applicable to all design parts lists for railway applications.

  • Standard
    26 pages
    English language
    sale 10% off
    e-Library read for
    1 day