📚 Learn how ISO 27018 controls help cloud service providers reduce security risks for personal data.
ISO 27018 is the first international standard created specifically for data privacy in cloud computing. Its main objective, according to the International Organization for Standardization (ISO), is to establish “commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII).”
ISO 27018 is part of the ISO 27000 family of standards, which define best practices for information security management. ISO 27018 adds new guidelines, enhancements, and security controls to the ISO/IEC 27001 and ISO/IEC 27002 standards to help cloud service providers better manage the data security risks unique to PII in cloud computing.
Although ISO 27018 is not a law, there are a number of benefits to following its guidelines and earning certification (more on this below). And since the standard isn’t free to the public, we’ve combed through it to help you make intelligent decisions on compliance and certification.
Below are the most important things you need to know about ISO 27018 and why it’s a good idea to follow it.