BS ISO/IEC 19944:2017 Information technology – Cloud computing – Cloud services and devices: Data flow, data categories and data use

BS ISO/IEC 19944:2017

Information technology. Cloud computing. Cloud services and devices: Data flow, data categories and data use

Status : Current, Project Underway   Published : October 2017



What is this standard about?

Devices such as tablets, smart phones and IoT sensors regularly send and receive data from the cloud – which is very useful. However it’s difficult for device users to know what data is flowing where; how it’s being processed; and for what purpose.

As a result, and in parallel, there’s a growing volume of regulation across the world mandating how personal data should be handled in digital environments. This standard was written with that regulation in mind.

It establishes common terminology and concepts so that cloud service providers can construct data use statements that clearly describe to device users how their data is being treated.

This in turn will help cloud services providers comply with personal data handling regulations like the EU’s General Data Protection Regulation (GDPR).

Who is this standard for?

  • Cloud service providers
  • Cloud service customers
  • Cloud services users and device users
  • Anyone involved in legal, policy, technical or other implications of data flows between devices and cloud services

Why should you use this standard?

This standard:

  • categorizes the cloud services, the elements running on the devices and the data flows
  • provides a taxonomy of data to allow a standardized description of the kinds of data flowing between devices and cloud services
  • provides categorization of the kinds of data use that occur and a standard means of describing the handling of personal data (PII)
  • defines a standardized form for "data use statements" which describe what processing is done with data, where it is done and for what purpose(s)

It will help cloud service providers clearly describe to service and device users how data is flowing and being processed in relation to cloud services and the devices using those services.

In the UK it is also particularly relevant in the context of the GDPR – which applies to the protection of personal data – because the standard gives cloud service providers a means of demonstrating the transparency (in terms of what data is being acquired, for what purposes, and how it’s being processed) that the GDPR requires.

Standard NumberBS ISO/IEC 19944:2017
TitleInformation technology. Cloud computing. Cloud services and devices: Data flow, data categories and data use
StatusCurrent, Project Underway
Publication Date04 October 2017
Normative References(Required to achieve compliance to this standard)No other standards are normatively referenced
Informative References(Provided for Information)ISO/IEC 17789:2014, ISO/IEC 19086-1:2016, ISO/IEC 27033-3:2010, ISO/IEC 29100:2011, ISO/IEC 27040:2015, ISO/IEC 38505-1:2017, ISO/IEC 17788:2014
International RelationshipsISO/IEC 19944:2017
Draft Superseded By16/30313038 DC
DescriptorsComputer technology, Flow, Data, Computer networks, Data processing
Title in FrenchTechnologies de l'information. Informatique en nuage. Services et dispositifs en nuage:Débits, catégories et utilisation des données
ISBN978 0 580 88037 7
File Size2.35 MB

 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents

Worldwide Standards
We can source any standard from anywhere in the world


The faster, easier way to work with standards

Develop a PAS

Develop a fast-track standardization document in 9-12 months