ISO/IEC 27018 Information technology - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

The cloud offers organizations and consumers a variety of benefits: cost savings, flexibility and mobile access to information top the list. It also raises concerns about data protection and privacy, particularly around personally identifiable information (PII). PII includes any piece of information that can identify a specific user. The more obvious examples include names, contact details or your mother’s maiden name. Examples people may not readily think of are medical records, IP addresses and banking statements.

Used with ISO/IEC 27001, ISO/IEC 27018 has been published to allow Cloud Service Providers whose infrastructure is certified to the standard to tell their existing and potential customers that their data is safeguarded and won’t be used for any purposes for which they don’t specifically give consent.

What are the benefits of ISO/IEC 27018?

  • Inspires trust in your business – provides greater reassurance to your customers and stakeholders that personal data and information is protected.
  • Competitive advantage – stand out from your competitors by protecting personal information to the highest level.
  • Protects your brand – reduces the risk of adverse publicity due to data breaches.
  • Reduces risks – ensures that risks are identified and controls are in place to manage or reduce them.
  • Protects against fines – ensures that local regulations are complied with, reducing the risk of fines for data breaches.
  • Helps grow your business – provides common guidelines across different countries, making it easier to do business globally and gain access as a preferred supplier.

Where are you on your ISO/IEC 27018 certification journey?

Whether you’re new to ISO/IEC 27018 or looking to take your expertise further, we have the right training courses and resources. We offer packages that can be customized to your business to get you started with information security management. An ISO/IEC 27018 package can be designed to remove the complexity of getting you where you want to be – whatever your starting point.

What does ISO/IEC 27018 offer and why is it important?

Get a better understanding of the standard and how it helps Cloud Service Providers and their customers.

Why choose BSI?

We pioneered standards more than 100 years ago and today we’re the market leader. We help over 80,000 clients ranging from top global brands to small ambitious businesses in 172 countries to gain an edge over their competition. As one of the few organizations that understands standards from start to finish, we don’t only assess how well you’re meeting them, we create new standards from scratch and train teams globally to use them and perform better. Our knowledge can transform your organization.

Next steps

Whether you're starting the certification process, looking to transfer or just need to discuss options for your business, contact our expert team who will guide you through the process.