Protect personally identifiable information (PII) in public cloud environments. ISO/IEC 27018 is a code of practice for protecting personally identifiable information (PII) in public clouds acting as PII processors. It builds on ISO 27002 with privacy-specific controls for cloud service providers handling personal data on behalf of their customers.
ISO 27018 is implemented alongside ISO 27001 and is especially relevant for cloud providers that process personal data for their customers.
Who needs ISO 27018:2019?
Public cloud providers
Cloud processors handling PII on behalf of customers who want to demonstrate privacy protection.
Privacy-conscious buyers
Customers selecting cloud vendors that can prove strong PII handling practices.
Key components
PII processor controls
Controls specific to organizations processing PII in the cloud on behalf of others.
Consent and choice
Ensures PII is processed according to customer instructions and consent.
Transparency
Disclosure of sub-processors and data handling practices to customers.
Data return and deletion
Controls for returning and securely deleting PII at the end of a contract.
How DSALTA helps with ISO 27018:2019
Activate ISO 27018
Select ISO 27018 alongside your ISO 27001 ISMS. DSALTA maps PII protection controls.
Frequently asked questions
Is ISO 27018 certifiable on its own?
No. Like 27017, it extends ISO 27001 and is assessed as part of that certification scope.
Does 27018 satisfy GDPR?
It supports GDPR compliance for cloud processors but does not replace GDPR obligations.