    ISO/IEC 27018:2019
    Information Technology – Security techniques

    Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

    ISO/IEC 27018:2019 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in the ISO/IEC 29100 Standard for the public cloud computing environment.

    What is ISO/IEC 27018:2019?

    This Standard provides guiding principles based on ISO/IEC 27002 to providers of public cloud services, taking into consideration the regulatory requirements for the protection of PII which can be applied within the context of the information security risk environment(s). A PII processor is any public cloud service provider that processes personal data for its clients.

    Why does an Organisation need ISO/IEC 27018:2019?

    By implementing this Standard, the public cloud service provider is compelled to comply with applicable obligations when acting as a PII processor, whether such obligations fall on the PII processor directly or through contract. This will assist the cloud service customer and the public cloud PII processor in entering into a predetermined agreement.

    This Standard enables public cloud PII processors to be transparent in relevant matters so that cloud service customers can select well-governed cloud-based PII processing services. It also provides cloud service customers with a mechanism for exercising audit and compliance rights and responsibilities in cases where individual cloud service customer audits of data hosted in a combined, virtualized server (cloud) environment can be technically impractical and can increase risks to the physical and logical network security controls in place.

    What are the Benefits of Implementing ISO/IEC 27018:2019?

    • Decreases the risks of data breaches in the cloud and related regulatory fines.
    • Builds trust in your organisation.
    • Assures clients and customers that you are protecting their data.
    • Protects your brand reputation.
    • Improves global operations.
    • Delivers legal protections for cloud providers and users.
    • Streamlines sales processes.
    • Provides advanced security for customer data and information.
    • Makes the platform more reliable to the customer, achieving a higher level than the competition.
    • Enables global operations faster.
    • Streamlines contracts.

    Why Choose WWISE to assist your organisation?

    An organisation cannot be certified against a guideline standard; it can implement the standard and receive a letter of conformity.

      COPYRIGHT ©2021 WWISE. ALL RIGHTS RESERVED.