ISO/IEC 27018:2019

What is ISO 27018?

ISO 27018 is a code of practice for public cloud service providers and covers the use of Personal Identifiable Information (PII) in the public cloud. This practice serves two purposes:

• Provides helpful implementation guidance for the controls in ISO 27001.
• Provides additional guidelines on the protection requirements of PII for the public cloud.

What are ISO 27018’s objectives?

ISO 27018 gives generic guidance on information security categories and is directed to public cloud services providers that act as PII processors.

Its main objectives are to:

• Help the public cloud PII processor meet their requirements.
• Enable transparency, so that public cloud users can access secure, well-managed cloud-based PII processing services.
• Help cloud providers and users establish contractual agreements for processing PII
• Provide cloud service customers with an audit and compliance methodology

Why is it important to secure PII?

The latest studies show that 80% of all breaches involve PII.  Securing PII gives your customers confidence and gives your organization the policies and procedures needed to minimize the risk in handling PII.

• Minimizes data collection and retention
• Performs a secure data destruction schedule
• Encrypts data at storage and transmission
• Places limits on data access
• Trains employees on how to handle PII
• Being compliant with relevant regulations and laws
• Implements an information governance strategy in your organization

ISO/IEC 27018:2019 is an information security code of practice for cloud service providers who process personally identifiable information for their customers. It’s an extension to ISO 27001 and ISO 27002, and it provides additional security controls. It details privacy requirements and security control enhancements for privacy to be implemented by cloud service providers. It is complementary to ISO 27017 Security Control for Cloud Services, and to ISO 27701, Privacy Information Management, both of which also extend ISO 27001.

As an extension to ISO 27001, ISO 27018 provides guidance on 16 ISO 27002 controls, as well as providing 25 new privacy and security controls.

BENEFITS

• Inspires confidence – provides greater assurance to customers and stakeholders that personal data and information is protected.
• Competitive advantage – is a competitive differentiator by protecting personal information at the highest level.
• Maintains brand reputation – reduces the risk of adverse publicity due to data breaches.
• Reduces risk – ensures that risks are identified, and controls are in place to manage or reduce them.
• Protects against sanctions/fines – ensures local regulations are complied with, reducing the risk of sanctions/fines for data breaches.

Show your customers and business partners with an ISO 27018 certificate, that information security is a priority for you.

What is the Kompleye certification process? Please Click here to learn more.

Would you like to learn more about information security management certification? Feel free to contact us!

HOW KOMPLEYE CAN HELP?

With in-depth industry knowledge and extensive experience in the field of Cybersecurity Maturity Models like HITRUST-CSF, CSA Star Attestation, and Cybersecurity Frameworks (i.e. ISO 27001-2013, NIST 800-171), we aim to offer the finest quality of services to your organization. With a team of healthcare specialists who have extensive experience, we can make for a seamless and streamlined assessment process offering the most appropriate recommendations based on the imminent needs of your firm and operations. Simply get in touch with us for a 1-hour free consultation with an ISO certification process Partner. You will also get all relevant information regarding the ISO certification process. Simply contact us at info@kompleye.com or call +1(703) -814-0119.