ISO 27018 – Privacy of cloud services

What is it?

It provides a best practice basis for the protection of personally identifiable information (PII) in the cloud for organisations that act as processors of this information. Building on the security controls set out in ISO 27001 or the ISO 27002 code of practice, the standard adds security requirements for personally identifiable information (PII) on specific controls. ISO 27018 establishes additional requirements.

To whom is this addressed?

Organisations that process personally identifiable information at the cloud.

Benefits into the market

• Provides confidence in the protection of information against access or data breaches.
• Control of the risks to which the information is exposed (PII).
• Protection of information under an international standard.
• Management system that ensures the protection of data subjects’ information.

Benefits with customers

• Confidence in the protection of customer and stakeholder information.
• Protection against access or data breaches.
• Clear identification of the risks to which the information is exposed (PII).
• Establishment of controls for their mitigation.

Benefits for the organization’s management

• Competitive advantage of the company over its competitors.
• Demonstrate due diligence and prevention plans in the event of an accident/incident.
• Detailed controls guidance to be applied in the implemented management system.

At ICDQ, we acknowledge the distinctive nature of every organization, characterised by unique needs and objectives. In light of this understanding, our commitment is to furnish customised and scalable certification solutions precisely tailored to your requirements. Whether your scope is local or global, we stand ready to accompany you throughout your journey. Irrespective of the challenges you may encounter, our adaptability is dedicated to meeting your specific needs. We invite you to engage in a discussion about your requirements today.