ISO 27018 – Privacy of cloud services

What is it?

It provides a best practice basis for the protection of personally identifiable information (PII) in the cloud for organisations that act as processors of this information. Building on the security controls set out in ISO 27001 or the ISO 27002 code of practice, the standard adds security requirements for personally identifiable information (PII) on specific controls. ISO 27018 establishes additional requirements.

To whom is this addressed?

Organisations that process personally identifiable information at the cloud.

Benefits into the market

• Provides confidence in the protection of information against access or data breaches.
• Control of the risks to which the information is exposed (PII).
• Protection of information under an international standard.
• Management system that ensures the protection of data subjects’ information.

Benefits with customers

• Confidence in the protection of customer and stakeholder information.
• Protection against access or data breaches.
• Clear identification of the risks to which the information is exposed (PII).
• Establishment of controls for their mitigation.

Benefits for the organization’s management

• Competitive advantage of the company over its competitors.
• Demonstrate due diligence and prevention plans in the event of an accident/incident.
• Detailed controls guidance to be applied in the implemented management system.

En ICDQ, entendemos que cada organización es única, con necesidades y objetivos distintos. Por ello, nos esforzamos por ofrecer soluciones de certificación personalizadas y escalables que se ajusten perfectamente a tus requisitos. Ya sea local o global, estamos preparados para acompañarte en tu camino. No importa cuál sea tu desafío, estamos aquí para adaptarnos a ti. ¡Hablemos de tus necesidades hoy mismo!