Shamkris Global Group

ISO/IEC 27018:2019 Certification

What is ISO 27018 Certification?

Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO/IEC 27018 is a standard that serves as a set of guidelines, or a code of conduct, for selecting PII protection controls when implementing a cloud computing information security management system based on ISO/IEC 27001.

It also helps implement commonly accepted PII protection controls for organisations offering information processing services as PII processors and PII controllers via public cloud computing under a contract or agreement.

Given the multi-fold increase in security incidents over the last few years, safeguarding of cloud-hosted sensitive data that holds PII has gained prime importance.

The international standard of ISO/IEC 27018 can help mitigate the risk of data compromise for public cloud PII. The standard ensures that a cloud service provider has appropriate procedures in place for handling PII.

Benefits of ISO 27018 Certification

Provides higher security for customer data and information

Streamlined contracts

Provides legal protections for cloud providers and users

Faster enablement of global operations

Competitive Advantage

Mitigate Risks & Optimise Costs

Who can obtain ISO 27018 Certification?

ISO 27018 is a code of practice, not a standard. ISO 27018 certification is generally included in the ISO 27001 audit process if it is included as an add-on to the ISMS. To gain certification for an ISO standard, a competent auditor will conduct an audit.

IT & IT Enabled Companies

Research and Development

Banking & Financial Institute

Design Services

Organizations with Sensitive Data

Government Agencies


Documents required for ISO 27018 Certification

The extent of Documented Information differs as per:

Role of Shamkris and Process of ISO 27018 Certification

Shamkris adopts a results-oriented approach to effective system implementation in the organization. A simple and practical method of system implementation helps organizations increase business efficiency and sustainability. Shamkris supports 100% documentation to obtain a certificate of success in addition to enhanced performance.

The implementation process is described below:

Time Frame

Day 1: GAP Analysis, Certification Body, Cost Estimates

Week 1: Developing Documents

Week 4: Implementing Management System

Week 8: Internal Audit

Week 10: Certification Body, N-C Closing

Week 12: Certification Body

Year on Year: Yearly Compliance


ISO/IEC 27018:2019 is a code of practice that focuses on the protection of personal data in the cloud. It is based on the ISO/IEC 27002 information security standard and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII).

ISO 27017 certification demonstrates cloud service security to users, while ISO 27018 certification ensures that personal data is processed securely.

Personally Identifiable Information

What is ISO 27018?

ISO/IEC 27018 is the international standard for protecting personal information in cloud storage. The term for the personal data it covers is Personally Identifiable Information, or PII. ISO 27018 is a code of practice for public cloud service providers.

Earning the ISO 27001/27018 certification is an important part of establishing a baseline of security for any business that processes data in the cloud. Simply put, following these standards helps you reduce security risk, since they are recognized as some of the most comprehensive in cloud computing applications.