ISO/IEC 27018:2019 Certification
What is ISO 27018 Certification?
Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO/IEC 27018 is a standard that serves as a set of guidelines, or code of conduct, for selecting PII protection controls when implementing a cloud computing information security management system based on ISO/IEC 27001.
It also helps implement commonly accepted PII protection controls for organisations offering information processing services as PII processors and PII controllers via public cloud computing under a contract or agreement.
Given the multi-fold increase in security incidents over the last few years, safeguarding of cloud-hosted sensitive data that holds PII has gained prime importance.
The international standard of ISO/IEC 27018 can help mitigate the risk of data compromise for public cloud PII. The standard ensures that a cloud service provider has appropriate procedures in place for handling PII.
Benefits of ISO 27018 Certification
Who can obtain ISO 27018 Certification?
ISO 27018 is a code of practice, not a standard. ISO 27018 certification is generally included in the ISO 27001 audit process if it is included as an add-on to the ISMS. To gain certification for an ISO standard, an audit must be conducted by a competent auditor.
Documents required for ISO 27018 Certification
The extent of Documented Information differs as per:
Role of Shamkris and Process of ISO 27018 Certification
Shamkris adopts a results-oriented approach to effective system implementation in the organization. A simple and practical method of system implementation helps organizations increase business efficiency and sustainability. Shamkris supports 100% documentation to obtain a certificate of success in addition to enhanced performance.
The implementation process is described below: