Code of Protection of Personally Identifiable Information (PII) in Public Cloud
A security breach involving Personally Identifiable Information (PII) held in the public cloud can severely impact large volumes of data and may even result in identity theft, financial and personal losses, or hacking of sensitive information for a number of people. A PII security incident attracts regulatory fines and reputational damage for cloud service providers (CSPs) as well as their customers. To avoid such breaches, there is a need for an efficient information security management system, specially customised for security and privacy scrutiny of PII protection for public clouds.
ISO/IEC 27018 is a standard that serves as a guideline or code of conduct for selecting PII protection controls when implementing a cloud computing information security management system based on ISO/IEC 27001. It also helps implement commonly accepted PII protection controls for organisations that offer information processing services as PII processors and PII controllers via public cloud computing under a contract or agreement.
Given the multi-fold increase in security incidents over the last few years, safeguarding cloud-hosted sensitive data that holds PII has gained prime importance. The international standard ISO/IEC 27018 can help mitigate the risk of data compromise for public cloud PII. The standard ensures that a cloud service provider has appropriate procedures in place for handling PII.
TÜV SÜD has the expertise and experience to assess your organisation's cloud security as per the requirements of ISO/IEC 27018. Through a detailed assessment, we can identify the minimum amount of PII protection that you need to implement to avoid cyber-attacks.
YOUR BENEFITS AT A GLANCE