ISO 27018
ISO Certification
Cloud Security Management System ISO 27018:2018
ISO/IEC 27018:2018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, ISO/IEC 27018:2018 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services. ISO/IEC 27018:2018 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. The guidelines in ISO/IEC 27018:2018 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. ISO/IEC 27018:2018 is not intended to cover such additional obligations.
* Greater stakeholder confidence. Compliance to ISO 27018 enables CSPs to demonstrate they have implemented security controls to protect stakeholder confidential information in the cloud. * Faster enablement of global operations. Because ISO 27018 provides common guidelines across different countries, it enables CSPs to do business globally. * Supply chain requirement. ISO 27018 certification provides CSPs with evidence demonstrating they have implemented procedures to protect PII, reducing the time taken negotiating for new business and providing a competitive edge. * Greater legal protection. Certification to ISO 27018 guarantees a systematic approach to data protection, helping CSPs to address their data security risks and operate within the law.