ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.

What are the benefits of ISO/IEC 27018?

  • Inspires trust in your business – provides greater reassurance to your customers and stakeholders that personal data and information is protected.
  • Competitive advantage – stand out from your competitors by protecting personal information to the highest level.
  • Protects your brand protection – reduces the risk of adverse publicity due to data breaches.
  • Reduces risks – ensures that risks are identified and controls are in place to manage or reduce them.
  • Protects against fines – ensures that local regulations are complied with, reducing the risk of fines for data breaches.
  • Helps grow your business – provides common guidelines across different countries, making it easier to do business globally and gain access as a preferred supplier.

Leave a Reply

Your email address will not be published. Required fields are marked *