ISO IEC 27018 certification

The ISO 27018 standard specifies requirements and guidelines for personally identifiable information protection within an information security management system (ISMS). TÜV SÜD can support you with ISO 27018 certification to assure businesses storing personal identifiable information (PII) on your cloud that you take private data protection seriously. 

The guidelines for the ISO 27018 standard help ensure personally identifiable information protection for both you and your customers. It also includes provisions for confidentiality agreements with CSP/CSC staff for PII processing and training. While ISO/IEC 27018 is not mandatory, it is increasingly recognised as the industry standard.

ISO IEC 27018 certification help you to: 

• Follow best practices – ISO IEC 27018 audits help you to follow best practices around protection PII in the cloud. You can be confident that your environments are safe.  
• Mitigate risk and reputational damage – Safeguard the access, storage, transmission and processing of PII data in the cloud and avoid damaging data breaches. 
• Gain a competitive edge – As more organisations attain ISO IEC 27018 certification, those which do not may struggle to win new contracts. 
• Clearly define responsibilities – Define which areas of PII you are responsible for and those your customers must take care of. This improves clarity and avoids misunderstandings.  
• Win customer trust – Many new cloud customers will now demand evidence that you are able to protect PII. Showing you have ISO IEC 27018 certification could save you time and effort.

TÜV SÜD is trusted around the world for our cloud assessment expertise. Our global network of experts has proven knowledge of PII security assessments as per ISO IEC 27018 guidelines. As TÜV SÜD is vendor agnostic, you and your customers can trust the impartiality and independence of our assessments.

We work with both major household-name CSPs as well as a wide variety of smaller cloud service providers and can adapt our processes to your needs and requirements. A third-party certification by TÜV SÜD demonstrates your commitment to information security.