Training Catalogue
WWISE

    ISO Banner

    ISO/IEC 27018:2019
    Information Technology – Security techniques

    ISO/IEC 27018:2019 Information technology — Security techniques

    Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

    ISO/IEC 27018:2019 establishes frequently accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in the ISO/IEC 29100 Standard for the public cloud computing environment.

    What is ISO/IEC 27018:2019?

    Why does an Organisation need ISO/IEC 27018:2019?

    What are the Benefits of Implementing ISO/IEC 27018:2019?

    How do I Implement ISO/IEC 27018:2019 in an Organisation?

    Why Choose WWISE to Assist your Organisation:

    Guideline Conformance Process:

    What is ISO/IEC 27018:2019?

    ISO/IEC 27018:2019 establishes frequently accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in the ISO/IEC 29100 Standard for the public cloud computing environment.

    This Standard provides guiding principles based on ISO/IEC 27002 to providers of public cloud services, taking into consideration the regulatory requirements for the protection of PII which can be applied within the context of the information security risk environment(s). A PII processor is any public cloud service provider that processes personal data for its clients.

    Why does an Organisation need ISO/IEC 27018:2019?

    By implementing this Standard, the public cloud service provider is compelled to comply with applicable obligations when acting as a PII processor, whether such obligations fall on the PII processor directly or through contract. This will assist the cloud service customer and the public cloud PII processor in entering into a predetermined agreement.

    This Standard enables public cloud PII processors to be clear in relevant matters so that cloud service customers can select well-governed cloud-based PII processing services. Provide cloud service customers with a mechanism for exercising audit and compliance rights and responsibilities in cases where individual cloud service customer audits of data hosted in a combined, virtualized server (cloud) environment can be impractical technically and can increase risks to those physical and logical network security controls in place.

    What are the Benefits of Implementing ISO/IEC 27018:2019?

    • Decreases the risks of data breaches in the cloud and related regulatory fines.
    • Motivates trust in your organisation.
    • Clients and customers will be assured that you are protecting their data.
    • Protects your brand reputation.
    • It improves global operations.
    • It delivers legal protections for cloud providers and users.
    • It will streamline sales processes.
    • It provides advanced security to customer data and information.
    • It makes the platform more reliable to the customer, achieving a higher level than the competition.
    • Faster enablement of global operations.
    • Streamlines contracts.

    How do I implement ISO/IEC 27018:2019 in an organisation?

    ISO Consulting and Implementation:

    We have a range of professional Consultants, Engineers, and registered Auditors to assist in implementing and maintaining any ISO Management System. Our industry expertise includes services, telecommunication, manufacturing, construction, engineering services, fast-moving consumer goods, mining, power generation, state-owned companies, and government-run organisations. A good Consultant takes the time to truly understand the processes of your organisation.

    Therefore, they can approach the implementation of ISO requirements accordingly. The cost of hiring a Consultant and the time spent to implement your ISO Management System will definitely pay off in the long run.

    WWISE has a 4-Phase Approach:

    • Phase 1: Gap Analysis Audit and Information Gathering
    • Phase 2: ISO Documentation, Risk Assessment, and Process Mapping
    • Phase 3: Implementation and Coaching
    • Phase 4: Certification

    WWISE provides a turnkey solution which includes templates, one-on-one coaching, on-the-job training, and mentorship. As a consulting firm, we do not provide certification services. However, we will guide you through the certification process and ensure that your organisation becomes certified.

    Why Choose WWISE to assist your organisation?

    An organisation can implement the standard, however, cannot get certified as a guideline standard.

      COPYRIGHT ©2024 WWISE. ALL RIGHTS RESERVED.