What is the purpose of ISO/IEC 27018:2019?

ISO/IEC 27018:2019 was established as the international standard for protecting “Personally Identifiable Information” (PII) in cloud storage.

It is the code of practice for public cloud service providers. A PII processor is any public cloud service provider that handles processes or information containing personal data on behalf of its clients.

ISO/IEC 27018:2019 aims to:

  • Provide supportive implementation guidance (on top of ISO 27002) for the controls provided in ISO/IEC 27001
  • Identify extra guidance on Personally Identifiable Information protection requirements for the public cloud that are not covered in ISO 27001

What are the objectives of ISO/IEC 27018:2019?

ISO/IEC 27018:2019 provides guidance on information security categories. The standard is for public cloud service providers that act as PII processors.

Its key objectives are to:

  • Support the public cloud PII processor in fulfilling its obligations
  • Provide guidance for public cloud services that are PII processors under contract
  • Enhance transparency and enable cloud service clients to access secure and well-maintained PII processing services
  • Help cloud services and users establish contractual agreements for processing PII
  • Provide cloud service clients with an audit and compliance method