ISO/IEC 27018:2019 Protecting Personally Identifiable Information (PII) in Public Clouds

Cloud service providers who process PII under contract to their customers have to operate their services in ways that allow both parties to meet the requirements of applicable legislation and regulations covering the protection of PII (Personal Identifiable Information).

Software attacks, intellectual property theft and sabotage are just some of the many information security risks organizations face. Most organizations have on-site controls to protect information security, but how can we ensure that these controls are adequate? International reference guides for evaluating information security controls have recently been updated to assist with this.

Cloud computing is a common and fast-growing type of internet-based computing that provides shared computer processing resources and data to computers and other devices on demand. It is a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources (e.g. computer networks, servers, storage, applications and services), which can be rapidly provisioned and released with minimal management effort.

Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their information in third-party data centres that may be located far from the user, anywhere from across a city to across the world. Cloud computing relies on the sharing of resources to achieve coherence and economies of scale, in the same way that a public utility such as the electricity grid does.

PII, or Personally Identifiable Information, is any data that can be used to clearly identify an individual. Some examples that have traditionally been considered personally identifiable information include National Insurance numbers in the UK, your mailing address, email address and phone numbers.

ISO 27018 is part of the ISO 27000 family of standards and is the code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors.

Used together with ISO/IEC 27001, ISO/IEC 27018 allows Cloud Service Providers whose infrastructure is certified to the standard to tell their existing and potential customers that their data is safeguarded and won’t be used for any purposes for which they have not specifically given consent.

What are the benefits of ISO/IEC 27018 for your company?

It gives your business confidence – it gives your customers and stakeholders greater assurance that their personal data and information is protected. By protecting personal information to the highest standard, you stand out from your competitors.

Protects your brand and reduces your risks – by identifying risks, ISO 27018 helps you define and enforce controls that reduce the likelihood of data breaches, protect your brand reputation and make sure you comply with local regulations.

Protects against fines – reduces the risk of fines for data breaches by ensuring compliance with legal regulations.

Helps your business grow – getting ISO 27018 certification sets you apart from other cloud service providers and demonstrates your commitment to protecting PII. Together, these help you win new business, become a preferred supplier and offer cloud services globally. By providing common guidelines across different countries, the standard enables you to do business internationally.

ISO standards and professional training courses offered by CFECERT:

  • Certified Lead Auditor ISO/IEC 27001 and ISO/IEC 27701 (5 days)
  • Certified Internal Auditor (2 days) ISO/IEC 27001 and ISO/IEC 27701
  • Certified Implementation Course (2 days) ISO/IEC 27001, 27002, 27018, 27701.
  • Certified Awareness Course (1 day) ISO/IEC 27018, 27001 and ISO/IEC 27701

You can contact us at info@cfecert.co.uk for information about our ISO/IEC 27008:2019 training and certification process.

GDPR

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. This regulation replaces the EU Data Protection Directive.