ISO/IEC 27018

ISO/IEC 27018 is a code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors, in line with the privacy principles of ISO/IEC 29100 for the public cloud computing environment.

ISO/IEC 27018 is an international code of practice and guideline published by the International Organization for Standardization (ISO), an independent, non-governmental international organization with a membership of 165 national standards bodies. The guideline was last reviewed and updated in 2019, so the latest version is ISO/IEC 27018:2019.

This standard can be implemented by any organization, large or small, irrespective of its industry and field of activity. It is widely used by organizations that provide information processing services as PII processors via cloud computing under contract to other organizations. The guideline is also applicable to, and used by, organizations acting as PII controllers. However, PII controllers are subject to additional PII regulations which do not apply to PII processors.

The benefits of ISO/IEC 27018 can be summarized as follows:

  • Safeguards access, storage, transmission, and processing of data for the cloud service provider (CSP)
  • Defines data retrieval and recovery strategies for the CSP
  • Improved global operations and legal protection
  • Helps meet regulatory compliance, which ensures avoidance of penalties and fines
  • Competitive advantage
  • Increased revenue by adhering to global cyber security compliance requirements
  • Satisfied customers and increased trust among all stakeholders
  • Increased work efficiency through streamlined processes
  • Increased revenue
