ISO/IEC 27018 Code of practice for protection of personal identifiable information (PII) in public clouds

(Non accredited or referenced on the 27001 certificate as add-on)

The ISO/IEC 27018 is an international standard that defines practices for the protection of personal data in the field of cloud computing. This standard specifically focuses on safeguarding personal data processed by cloud services.

ISO/IEC 27018 provides guiding principles and control measures for cloud service providers to ensure the privacy and protection of their users’ personal data. The standard addresses issues such as access control, transparency, personal data disclosure, and other secure practices that cloud providers should adhere to.

A prerequisite for implementing this standard is certification or simultaneous certification according to the ISO/IEC 27001 standard.