- Original Registration Date: 2018-10-19
- Effective Date: 2024-05-10
- Latest Revision Date: 2024-04-24
- Expiry Date: 2027-05-09
ISO/IEC 27018 Management System For Protection Of PII In Public Clouds Acting As PII Processors
ISO/IEC 27018 is an international privacy standard specifically designed for public clouds. It is based on ISO/IEC 27002 and serves as a set of control measures and operational guidelines for the protection of personal data in cloud service environments. Targeted at Personally Identifiable Information (PII) processors in cloud services, it presents 16 additional requirements for the protection of personal data. It references the "ISO/IEC 29100 Privacy Framework," outlining 11 privacy protection principles and introducing 25 new control requirements and implementation guidelines for privacy management in the cloud.
The importance of cloud security in the operations of businesses in the digital era continues to grow. Implementing cloud security management is crucial to ensuring uninterrupted organizational operations, reducing the risk of attacks or data breaches, enhancing and maintaining competitive advantages, and strengthening the future operational blueprint of enterprises. Acer eDC, through cloud service certification systems and international standards such as CSA STAR, ISO/IEC 27017, and ISO/IEC 27018, stands as a high-quality choice for various enterprises seeking cloud services.
Benefits:
- Introducing the ISO/IEC 27018 standard strengthens security controls for handling personal data in public cloud services. This includes protecting personal information against unauthorized access, thereby raising the level of privacy protection.
- ISO/IEC 27018 provides specific control requirements and implementation guidelines, assisting customers and public cloud service processors in clearly defining personal data protection requirements within contractual agreements. This enhances transparency in the collaboration between both parties.
- By incorporating ISO/IEC 27018, cloud service providers can offer more transparency in their services. This encompasses information regarding personal data processing, security measures, privacy policies, and other relevant aspects, thereby improving the credibility of service providers.
- Adhering to ISO/IEC 27018 enables cloud service providers to establish their services and processes for handling personal data based on international standards. This helps enhance their global market competitiveness and instills greater confidence in customers to use their services.