ISO/IEC 27018:2014

Cloud Security Management Systems

For the public cloud computing environment, ISO/IEC 27018:2014 defines widely recognized control objectives, controls, and guidelines for implementing measures to safeguard Personally Identifiable Information (PII) in compliance with the privacy principles in ISO/IEC 29100. In particular, ISO/IEC 27018:2014 offers guidelines based on ISO/IEC 27002, taking into account the regulatory requirements for the protection of PII that may apply within the information security risk environment(s) of a provider of public cloud services.

ISO/IEC 27018:2014 applies to organizations of all types and sizes, including public and private companies, government agencies, and not-for-profit organizations, that provide information processing services as PII processors via cloud computing under contract to other organizations. Organizations operating as PII controllers may also benefit from the recommendations in ISO/IEC 27018:2014. However, PII controllers may be subject to additional PII protection legislation, rules, and duties that do not apply to PII processors, and ISO/IEC 27018:2014 does not cover those additional duties.

Advantages:
