ISO/IEC 27018 establishes commonly accepted control objectives to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for cloud providers offering public infrastructure and services. It is a critical document for these providers seeking to instill the trustworthiness of their systems in their customers and clients. Learn more about ISO 27018 and what it takes to get your cloud infrastructure up to speed.
Businesses undergoing ISO certification are probably aware of the 27000 series and its focus on comprehensive cybersecurity. What many organizations don’t know, however, is that the series itself provides guidelines for risk managers to better implement Information Security Management Systems (the core process of ISO 27001) following best risk management practices.
GDPR has needed a centralized assessment and certification model for some time now. Still, with the plethora of certifications and standards covering different business contexts, there has yet to be a single approach that has risen to the top of the heap. However, the governing bodies of GDPR have authorized the new Europrivacy standard to forego this certification balkanization in favor of a new, hybrid process.