ISO/IEC 27018

ISO/IEC 27018

Protecting personally identifiable information in the public cloud

Protecting personally identifiable information in the public cloud

Red Overlay
Red Overlay

Keep personal identifiable information secure during the COVID-19 pandemic

ISO/IEC 27018 Information technology - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

The cloud offers organizations and consumers a variety of benefits: cost savings, flexibility and mobile access to information top the list. It also raises concerns about data protection and privacy; particularly around personally identifiable information (PII). PII includes any piece of information that can identify a specific user. The more obvious examples include names and contact details or your mother’s maiden name. But ones people may not readily think of are medical records, IP addresses and banking statements.

Used with ISO/IEC 27001, ISO/IEC 27018 has been published to allow Cloud Service Providers whose infrastructure is certified to the standard to tell their existing and potential customers that their data is safeguarded and won’t be used for any purposes for which they don’t specifically give consent.

How can ISO/IEC 27018 benefit your organization?

  • Inspires trust in your business – provides greater reassurance to your customers and stakeholders that personal data and information is protected.
  • Competitive advantage – stand out from your competitors by protecting personal information to the highest level.
  • Protects your brand protection – reduces the risk of adverse publicity due to data breaches.
  • Reduces risks – ensures that risks are identified and controls are in place to manage or reduce them.
  • Protects against fines – ensures that local regulations are complied with, reducing the risk of fines for data breaches.
  • Helps grow your business – provides common guidelines across different countries, making it easier to do business globally and gain access as a preferred supplier.