ISO 27018 is the international standard for cloud security management, providing a robust, internationally recognized benchmark for protecting personally identifiable information (PII) stored in the cloud.
Using ISO 27001 as a foundation, ISO 27018 provides specific guidance to help Cloud Service Providers (CSPs) assess their risks and implement controls for the protection of PII stored in the cloud.
Compliance with ISO 27018 guarantees a systematic approach to data protection and enables a CSP to demonstrate that it has implemented security controls to protect confidential information in the cloud ecosystem.
ISO 27018 applies to any organization that stores PII in the cloud, whatever its type or size, whether it is a public or private company or a not-for-profit organization. The guidelines may also be relevant to organizations acting as PII controllers.
Benefits of ISO 27018
- Greater stakeholder confidence. Compliance with ISO 27018 enables CSPs to demonstrate they have implemented security controls to protect stakeholder confidential information in the cloud.
- Faster enablement of global operations. Because ISO 27018 provides common guidelines across different countries, it enables CSPs to do business globally.
- Supply chain requirement. ISO 27018 certification provides CSPs with evidence demonstrating they have implemented procedures to protect PII, reducing the time taken negotiating for new business and providing a competitive edge.
- Greater legal protection. Certification to ISO 27018 guarantees a systematic approach to data protection, helping CSPs to address their data security risks and operate within the law.