UKCloud, a leading supplier of cloud services to the public sector, has achieved a statement of verification to ISO 27018:2014.
This represents the first statement of verification from LRQA for ISO 27018:2014.
ISO 27018:2014 is a code of practice for the protection of personally identifiable information (PII) in the cloud and seeks to provide trust and confidence in cloud-based services.
Commenting on the achievement, John Godwin, Director of Compliance & IA, UKCloud Ltd, said: "We are delighted to have obtained a statement of verification to ISO 27018:2014 from LRQA, which provides confidence in the security of our cloud services. With ever-increasing threats and vulnerabilities that seek to compromise data, it is essential to establish and use an accepted framework to ensure that risks are identified, understood and successfully managed."
Using ISO 27001 as a foundation, ISO 27018 provides guidance to help Cloud Service Providers (CSPs) assess risks and enables organisations to demonstrate that they have implemented security controls to protect PII in the cloud.
Integral to the statement of verification was the company-wide commitment shown by UKCloud. Jeff Northam, LRQA ICT Assessor, said: “UKCloud are very switched on to certification and have excellent managerial support. This means that their staff are also clearly very security conscious.”
UKCloud have benefitted from LRQA’s industry-leading approach to management systems, which has helped provide efficiencies in the organisation. UKCloud added the statement of verification for ISO 27018:2014 to their existing certifications with LRQA for ISO 9001, ISO 20000 and ISO 27001.
John Godwin said: “Within a complex organisation, it’s important that an external assessor has both the experience and willingness to understand the business being assessed. We have found our LRQA assessors to be competent in this area, which allows for their assessments to be undertaken in the correct context and understanding the many dependencies and interactions between different areas of our company.
“We have always found LRQA assessment reports to be well structured and informative. The ease of cross-reference to the applicable standards helps individuals to understand the context of the assessment that has taken place.”
To find out more about LRQA’s ISO 27001 and ISO 27018 offering, visit lrqa.co.uk/information-security