It is the code of practice for public cloud service providers. A Personally Identifiable Information processor is any public cloud service provider that deals with processes or information that has personal data in it for their clients.
ISO/IEC 27018:2019 aims to;
- Provide supportive implementation guidance (on top of ISO 27002) for the controls provided in ISO/IEC 27001
- Identify extra guidance on Personally Identifiable Information protection requirements for the public cloud that are not covered in ISO 27001
What are the objectives of ISO/IEC 27018:2019?
ISO/IEC 27018:2019 provides guidance on information security categories. The standard is for public cloud services providers that act as PII processors.
Its key objectives are to:
- Support the public cloud PII processor to fulfil the obligations
- Provide guidance for public cloud services that are PII processors under contract
- Enhances transparency and enables cloud service clients to access a secure and well-maintained PII processing services
- Support cloud services and users establish contractual agreements for processing PII
- Provide cloud service clients an audit and compliance method