ISO 27018 Protecting PII In The Cloud

Cloud Service Providers are turning to a recent ISO standard “ISO/IEC 27018:2014 – Information Technology – Security Techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors” as a go to practice to secure PII for their cloud service offerings for the PII data processor.

As more and more businesses put their infrastructure and services they are already asked how they protect PII in the cloud as a result of privacy regulations and various audits- PCI, HIPAA/HITRUST. Just like ISO 27001 is a great framework for organizations of all types and sizes seeking a way to manage the risk in their Information System, ISO 27108 is a great standard to implement the protection of PII. ISO 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect PII in accordance with privacy principals in ISO/IEC 29100 for the public cloud environment.

How Coalfire ISO can help

Coalfire ISO can provide a Conformance Attestation or the full ISO 27018 assessment.

Conformance Attestation-

Clients will have documentation (policies, procedures) reviewed and interviews conducted against the controls of ISO 27018. At the conclusion a formal Certificate of Conformance will be provided.

ISO 27018 Assessment-

Clients will be assessed to the controls of 27018 to determine the readiness of the organization to the standard. This will also include documentation review and interviews to identify conformance and non-conformance to the standard. Clients will receive a formal report identifying gaps in conformance to particular requirements to the ISO 27018 standard.