Demonstrate your commitment to protecting personally identifiable information (PII) in public clouds with an audit against the ISO/IEC 27018 standard.
In today’s interconnected world, information security is paramount. Building upon your ISO/IEC 27001 certification, ISO/IEC 27018 helps to protect information security by establishing objectives, controls and guidelines for protecting PII in public clouds.
The standard’s PII protection requirements are based on ISO/IEC 27002, which sets out security techniques and a code of practice for information security control. ISO/IEC 27018 is also in line with ISO/IEC 29100, which provides principles for ensuring privacy in a public cloud computing environment.
ISO/IEC 27018 applies to all organizations, including public and private companies, government entities and not-for-profits, that provide information processing services as PII processors via cloud computing under contract to other organizations.
Its guidelines may also be relevant to organizations acting as PII controllers. However, PII controllers may be subject to additional PII protection legislation, regulations and obligations that are not covered by this standard.
Benefits of ISO/IEC 27018 certification include:
- Protection against fines and penalties
- Increased confidence in your business
- Competitive advantage
- Increased potential for business growth
What is the ISO/IEC 27018 certification process?
There are seven steps to the process:
- Application and quote
- Competence analysis – identify gaps in skills and competence at the outset
- Gap assessment – identify any weaknesses before the formal audit
- Stage 1 audit – confirmation that implementation is on track
- Stage 2 audit – confirmation that implementation is complete
- Certification – share your success
- Ongoing improvement – regular surveillance visits
Aligning with the UN Sustainable Development Goals (SDGs)
ISO/IEC 27018 contributes to UN Sustainable Development Goals eight and nine.
How can SGS help?
We have extensive expertise in information technology security techniques and cloud security. We will help you along the path to certification with an ISO/IEC 27018 audit, which can include a gap assessment and benchmarking.
ISO/IEC 27018 certification can be done with the organization’s ISO/IEC 27001 certification audit or after a successful ISO/IEC 27001 audit.
Contact us to learn more about ISO/IEC 27018 certification audits.