ISO TS 23535:2022 pdf download – Health informatics — Requirements for customer-oriented health cloud service agreements.
1 Scope This document describes a core set of cloud service agreements for customer-oriented health cloud services. This document covers a customer-oriented cloud service agreement that can be used in healthcare organizations and public health centers that use health cloud services. This document defines key characteristics in the health cloud service agreement that are indispensable in providing optimal health/healthcare management functionalities. Privacy and security features are considered outside the scope of this document and are covered in ISO/TR 21332. The purpose of this document is to present matters to be considered (e.g., cloud type, components, key characteristics) by stakeholders involved in the implementation of cloud computing in hospitals or healthcare organizations. The potential users of this document are mainly 1) IT managers of hospitals, 2) hospital management, and 3) cloud service providers and cloud partners that provide services to healthcare institutions. 2 Normative references There are no normative references in this document. 3? Terms? and? definitions For the purposes of this document, the following terms and definitions apply. ISO and IEC maintain terminology databases for use in standardization at the following addresses: — ISO Online browsing platform: available at https:// www .iso .org/ obp — IEC Electropedia: available at https:// www .electropedia .org/ 3.1 application capabilities type cloud capabilities type (3.2) in which the cloud service customer (3.9) can use the cloud service provider’s (3.10) applications [SOURCE: ISO/IEC 17788:2014, 3.2.1] 3.2 cloud capabilities type classification of the functionality provided by a cloud service (3.5) to the cloud service customer (3.9) based on resources used [SOURCE: ISO/IEC 17788:2014, 3.2.4] 3.3 customer-oriented relating to the needs and interests of individual customers, including businesses
3.4 cloud computing paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand [SOURCE: ISO/IEC 17788:2014, 3.2.5] 3.5 cloud service one or more capabilities offered via cloud computing (3.4) involved using a defined interface [SOURCE: ISO/IEC 17788:2014, 3.2.8] 3.6 cloud service agreement CSA documented agreement between the cloud service provider (3.10) and cloud service customer (3.9) that governs the covered service(s) [SOURCE: ISO/IEC 22123-1:2021, 3.8.8, modified – Note to entry removed.] 3.7 cloud service category group of cloud services (3.5) that possess some common set of qualities [SOURCE: ISO/IEC 17788:2014, 3.2.10, modified – Note to entry removed.] 3.8 cloud service characteristic qualitative or quantitative property of a cloud service (3.5) [SOURCE: ISO/IEC 19086-2:2018, 3.1] 3.9 cloud service customer CSC party (3.16) which is in a business relationship for the purpose of using cloud services (3.5) [SOURCE: ISO/IEC 17788:2014, 3.2.11] 3.10 cloud service provider CSP party (3.16) which makes cloud services (3.5) available [SOURCE: ISO/IEC 17788:2014. 3.2.15] 3.11 incident conclusion report final report on failures submitted to the provider, organized and prepared in chronological order, specified by explanations and countermeasures 3.12 infrastructure as a service IaaS cloud computing (3.4) service model defined in section 2 of the NIST Definition of Cloud Computing [SP800145] [SOURCE: ISO/IEC 19831:2015, 3.8]