Questions & Answers
What is a public cloud?
According to the U.S. National Institute of Standards and Technology (NIST), a public cloud infrastructure is provisioned for open use by the general public. It is owned, managed, and operated by a business, academic, or government organization, and its computing resources are delivered over the Internet.
Why is public cloud risk important for Taiwanese companies?
When storing personal data or trade secrets in the public cloud, Taiwanese companies must comply with the Personal Data Protection Act's requirements for supervising outsourced vendors and cross-border data transfers. If the provider's infrastructure is abroad, international regulations like the EU's GDPR may apply. Furthermore, highly regulated industries like semiconductors and finance face supply chain demands to meet specific cloud security standards; companies that fall short risk loss of orders and legal penalties.
Which ISO standards or international regulations are directly related?
Key related standards include ISO/IEC 27001 (Information Security Management Systems), ISO/IEC 27017 (Code of practice for information security controls for cloud services), and ISO/IEC 27018 (protection of Personally Identifiable Information (PII) in public clouds). The GDPR (General Data Protection Regulation) is also critical when processing data of EU residents.
Why choose Winners Consulting?
Winners Consulting is Taiwan's first consultancy to integrate ERM, industrial engineering, technology law, and data science. Led by a founder with a preventive law background, our team of tech lawyers and ISO Lead Auditors helps clients like TSMC and MediaTek vertically integrate cloud certifications (e.g., ISO 27017) with corporate governance and internal controls. This approach ensures compliance while genuinely strengthening trade secret protection, avoiding redundant and inefficient systems.