ISO/IEC 19086-1

ISO/IEC 19086-1:2016, the first part to be released, includes an overview of SLAs for cloud services, the concepts and requirements involved, and terms commonly used in cloud SLAs.

Microsoft and ISO/IEC 19086-1:2016 Cloud Service Level Agreement Framework

Microsoft was one of many organizations that participated in the multiyear development of ISO/IEC 19086-1, and based on that involvement developed the Cloud Services Due Diligence Checklist. The checklist distills the standard into a document that organizations can use to systematically consider requirements for cloud projects and structure cloud service agreements and SLAs that meet their business objectives. Because the checklist is grounded in the new standard, it is service- and provider-neutral, applying to any organization requiring cloud services and any service provider offering them.

The remaining three parts of the standard are still under development:

  • ISO/IEC 19086-2 will define metrics for properties of the standard’s concepts.
  • ISO/IEC 19086-3 will prescribe conformance requirements for cloud SLAs.
  • ISO/IEC 19086-4 will identify security and privacy aspects of cloud SLAs.

Learn about the benefits of ISO/IEC 19086-1 on the Microsoft Cloud.

Download the ISO/IEC 19086-1 backgrounder
female actively discussing issue with male collegue sitting next to her

Forrester Research: Cloud service agreements omit key considerations

Microsoft commissioned Forrester Consulting to evaluate the current state of cloud agreements against the elements of the ISO/IEC 19086-1 Standard. Learn about the results.

Download the Study: Cloud Service Agreements Omit Key Considerations infographic

Download the Study: Cloud Service Agreements Omit Key Consideration

Watch the Study: Cloud Service Agreements Omit Key Considerations video

ISO/IEC 19086-1 Overview

The International Organization for Standardization (ISO) is an independent nongovernmental organization and the world’s largest developer of voluntary international standards. The International Electrotechnical Commission (IEC) is the world’s leading organization for the preparation and publication of international standards for electrical, electronic, and related technologies

A joint ISO/IEC subcommittee has developed the ISO/IEC 19086, a four-part family of standards that establishes a framework for cloud service level agreements (SLAs). These global standards provide guidance both for organizations considering a move to the cloud and for providers offering cloud services. ISO/IEC 19086 provides a structure for organizations of any size and type—private businesses and public sector organizations, including nonprofits and government at all levels—to identify their own performance, service, data management, and governance objectives and requirements as they consider cloud adoption.

ISO/IEC 19086-1:2016, the first part to be released, includes an overview of SLAs for cloud services, the concepts and requirements involved, and terms commonly used in cloud SLAs.

female working on laptop with male colleague looking at her screen
female working on laptop with male colleague looking at her screen

Assess your GDPR compliance

Find out if your organization meets personal data protection requirements. Take our quick, interactive 10-question evaluation to assess your readiness to comply with the GDPR today.

Take the assessment

Frequently asked questions

Expand all

No. ISO/IEC 19086-1 does not include a certification process. It is a guidance standard that provides a framework to help organizations conduct careful evaluations of cloud services and create cloud SLAs appropriate for their business.

Microsoft has been actively involved with the panel of experts that developed the ISO/IEC 19086 standard, and has distilled its 37 pages into a two-page checklist. The goal was to create a document that both organizations considering a move to the cloud and cloud service providers could more readily use to help them create a cloud SLA. Note that the checklist is not Microsoft-specific; it applies to all organizations and cloud service providers. And although the checklist provides a convenient entry point, organizations should get the ISO/IEC 19086-1:2016 standard to review the full definition and explanations of objectives summarized in the checklist.

Organizations should convene key stakeholders from across the company, including technical, legal, procurement, and risk management professionals to discuss how each item on the checklist applies to their organization’s cloud project. The team can then determine minimal requirements, ask providers to respond to each of the considerations in the checklist, and then decide which cloud service offering best meets their organizational objectives. For more assistance, please refer to the Cloud Services Due Diligence Checklist instructions.