ISO/IEC 27018:2019 Protection of Personally Identifiable Information (PII) in Public Clouds
The protection of PII from both internal and external threats is a major concern for every organization, irrespective of size or market sector. Furthermore, if that PII information is held in the Cloud, information security risks can increase and the requirement to have effective and specific cloud security controls in place is critical.
The purpose of ISO/IEC 27018, when used in conjunction with the information security objectives and controls in ISO/IEC 27002, is to create a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a PII processor. The Standard does not replace applicable legislation and regulations, (e.g. EU GDPR and HIPAA), but provides a common compliance framework for public cloud service providers, in particular those that operate in a multinational market.
This course is aimed at both cloud service providers and customers who are engaging with a cloud service provider.
The course will help to ensure that the appropriate information security controls are in place for protecting PII processed by cloud service providers under contract to their customers.