Protect the critical personally identifiable information (PII) of your organization and your customers with ISO 27018
As a growing number of organizations move to the cloud, the data entrusted to public cloud service providers (CSPs) often includes PII, such as bank records, credit card details and passport information. Consequently, a security breach can severely impact large data volumes, with the hacking of sensitive information resulting in identity theft and financial loss.
A PII security incident also attracts regulatory fines and reputational damage for both data owners and CSPs. It is therefore vital that CSPs’ customers can be assured that all the necessary cybersecurity checks and safeguards have been implemented. An effective information security management system (ISMS), which is specifically customized for security and privacy of PII protection in public clouds, reduces the risk of data breaches
Any business which stores its customers’ private details on your cloud will seek assurances that you take private data protection seriously. ISO/IEC 27108 (Information technology, security techniques, code of practice for protection of PII in public clouds) gives a framework for assessing how well an organization protects PII in public clouds. ISO/IEC 27018 guidelines helps to protect the highly sensitive or critical PII of your organization and your customers. It also includes provisions for confidentiality agreements with CSP/CSC staff for PII processing and training.
ISO/IEC 27018 serves as a guideline or code of practice for selecting PII protection controls within the process of implementing an ISO/IEC 27001-based ISMS in a cloud environment. While ISO/IEC 27001 safeguards an organization’s information assets, ISO/IEC 27018 helps CSPs to protect the highly sensitive or critical PII entrusted to them by their customers.
Earning your ISO 27018 certification provides your organization with several key benefits:
We provide complete ISMS and cloud PII security assessments, based on ISO/IEC 27001 and ISO/IEC 27018 guidelines. As TÜV SÜD is vendor agnostic, our assessments are both impartial and independent. We work with both major household-name CSPs as well as a wide variety of smaller cloud service providers and can adapt our processes to your needs and requirements.
TÜV SÜD is also a one-stop provider for other Management Systems Certification & Auditing Services.
Discover how these three standards differ
Bosnia and Herzegovina