BSI launches certification scheme for the safety of personal data in the cloud

11 January 2016

(HERNDON, VA) The adoption of cloud computing in all sectors is increasing rapidly in order to manage costs and support scalability; however, concerns over the privacy and security of data remain. BSI, the business standards company has launched a training and certification scheme for the protection of personal data in the cloud.

ISO/IEC 27018 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors has been developed to provide cloud service providers and their customers with the confidence that any personal data processed in a cloud environment is safe from threats, shared only according to their wishes and maintained as dictated by local legal requirements. The certification scheme is relevant for any type or size of organization that provides public cloud computing services.

In order to demonstrate their compliance with the standard, cloud service providers must adopt several practices. These include making customers aware of where their data is stored, ensuring any major system changes are reviewed by independent third parties at regular intervals and documenting any infringements on data security (including steps taken to resolve problems and the possible consequences). In addition, they must identify and adhere to any local legal.

Kaara Pallop, Global Portfolio Manager at BSI comments, “Data is a valuable asset for any organization and any kind of breach can be costly to a business, not least to its reputation. This scheme provides greater assurance to customers and stakeholders that personal data and information are protected; it helps to reduce risk and ensures compliance with regulatory obligations. By choosing an ISO/IEC 27018 certified provider, both organizations and customers can be confident that the supplier has taken the technical and legislative steps necessary to protect one of their most valuable assets.”

ISO/IEC 27018 incorporates ISO/IEC 27001 Information Security Management to ensure that organizations establish a robust management system to protect public cloud data.

For more information, please visit: