ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
What are the benefits of ISO/IEC 27018?
- Inspires trust in your business – provides greater reassurance to your customers and stakeholders that personal data and information are protected.
- Competitive advantage – stand out from your competitors by protecting personal information to the highest level.
- Protects your brand – reduces the risk of adverse publicity due to data breaches.
- Reduces risks – ensures that risks are identified and controls are in place to manage or reduce them.
- Protects against fines – ensures that local regulations are complied with, reducing the risk of fines for data breaches.
- Helps grow your business – provides common guidelines across different countries, making it easier to do business globally and gain access as a preferred supplier.