About ISO 27018

ISO/IEC 27018 is a unique information technology code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. The cloud offers organizations and consumers a variety of benefits: cost savings, flexibility and mobile access to information top the list. It also raises concerns about data protection and privacy; particularly around personally identifiable information (PII).

PII includes any piece of information that can identify a specific user. The more obvious examples include names and contact details or your mother’s maiden name. But elements that people may not readily think of are medical records, IP addresses and banking statements.

Used with ISO/IEC 27001, ISO/IEC 27018 has been published to allow Cloud Service Providers whose infrastructure is certified to the standard to tell their existing and potential customers that their data is safeguarded and won’t be used for any purposes for which they don’t specifically give consent.

About ISO 27017

ISO/IEC 27017 is a unique technology standard in that it provides requirements for the customer as well as the cloud service provider. IT Managers and other technical staff responsible for moving organizations to the cloud or expanding a cloud service engagement can reduce risks to their business by ensuring they understand their responsibilities and make more insightful decisions around their choice of providers.

Used with ISO/IEC 27001 series of standards, ISO/IEC 27017 provides enhanced controls for cloud service providers and cloud service customers. Unlike many other technology-related standards, ISO/IEC 27017 clarifies both party’s roles and responsibilities to help make cloud services as safe and secure as the rest of the data included in a certified information management system.

About ISO 27701

ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls. An international management system standard, it provides guidance on the protection of privacy, including how organizations should manage personal information, and assists in demonstrating compliance with privacy regulations around the world.

ISO/IEC 27701 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations. It provides guidance for organizations who are responsible for PII processing within an information security management system (ISMS), specifically PII controllers (including those who are joint PII controllers) and PII processors.