ISO 27018 is the international standard for cloud security management, providing a robust, internationally recognised benchmark for protecting personally identifiable information (PII) stored in the cloud.
Using ISO 27001 as a foundation, ISO 27018 provides specific guidance to help Cloud Service Providers (CSPs) assess their risks and implement controls for the protection of PII stored in the cloud.
Compliance with ISO 27018 guarantees a systematic approach to data protection and enables a CSP to demonstrate that it has implemented security controls to protect their confidential information in the cloud ecosystem.
As long as an organisation stores PII in the cloud then ISO 27018 is applicable to all types and sizes of organisations whether they are public, private companies or not-for-profit organisations. The guidelines may also be relevant to organisations acting as PII controllers.
Benefits of ISO 27018
- Greater stakeholder confidence. Compliance to ISO 27018 enables CSP’s to demonstrate they have implemented security controls to protect stakeholder confidential information in the cloud.
- Faster enablement of global operations. Because ISO 27018 provides common guidelines across different countries, it enables CSP’s to do business globally.
- Supply chain requirement. ISO 27018 certification, provides CSP’s with evidence demonstrating they have implemented procedures to protect PII, reducing the time taken negotiating for new business and providing a competitive edge.
- Greater legal protection. Certification to ISO 27018 guarantees a systematic approach to data protection helping CSP’s to address their data security risks and operate within the law.
Why choose LRQA for ISO 27018?
- LRQA has been involved in information security management system certiﬁcation for a number of years, so is ideally placed to help you with you cloud security.
Proven track record
- We have a number of high-proﬁle clients that have achieved ISO 27001 certification and who work in in the ﬁnance, telecommunications, software and internet sectors.
Information security specialists
- Our assessors are management system experts qualiﬁed in information security, so we are ideally place to offer help and advice for your cloud security needs.