ISO/IEC 27018
ISO 27018 is the international standard for cloud security management, providing a robust, internationally recognized benchmark for protecting personally identifiable information (PII) stored in the cloud.
Using ISO/IEC 27001 as a foundation, ISO/IEC 27018 provides specific guidance to help Cloud Service Providers (CSPs) assess their risks and implement controls for the protection of PII stored in the cloud.
Compliance with ISO/IEC 27018 guarantees a systematic approach to data protection and enables a CSP to demonstrate that it has implemented security controls to protect their confidential information in the cloud ecosystem. ISO/IEC 27018 is applicable to any organization that stores PII in the cloud, regardless of type or size, whether they are public or private companies or not-for-profit organizations. The guidelines may also be relevant to organizations acting as PII controllers.
Benefits of ISO/IEC 27018
- Greater stakeholder confidence. Compliance with ISO/IEC 27018 enables CSPs to demonstrate they have implemented security controls to protect stakeholder confidential information in the cloud.
- Faster compliance of global operations. ISO/IEC 27018 provides common guidelines across different countries and enables CSPs to do business globally.
- Supply chain requirement. ISO/IEC 27018 certification provides CSPs with evidence demonstrating they have implemented procedures to protect PII, reducing the time taken to negotiate new business and providing a competitive edge.
- Greater legal protection. Certification to ISO/IEC 27018 guarantees a systematic approach to data protection, helping CSPs to address their data security risks and operate within the law.