This Paper is intended to provide the reader with a relevant and realistic assessment of what this Standard means to privacy and how information security processes and systems may be impacted when adopting the services of a CSP.