ISO27018:2014: Information technology — Security techniques
Wed 10 Feb 2016 | Michael Mudd
*An introduction to ISO27018 can be found in a previous post here
The International Standards Organisation (ISO) indicate that globally there are more than 18,000 companies that have achieved the ISO27001 certificate in Information Security Management.
On July 30th 2014 an additional voluntary standard within the 27000 series, ISO/IEC 27018 was adopted specifically governing the processing of personally identifiable information (PII) by public Cloud Service Providers (CSP).
ISO/IEC 27018 is the first international privacy standard for the cloud. This new standard incorporates controls that reflect PII considerations specifically for cloud services, and will help a CSP demonstrate that its cloud privacy policies and practices are robust, and in line with best industry practices. These includes transparency around sub-processors, the non-use of PII for advertising and healthy retention policies of data that articulates transparent parameters for the return, transfer and secure disposal of personal information.
This Paper is intended to provide the reader with relevant and realistic assessment of what this means to privacy and how this standard may impact on your own information security processes and systems.
Author, Michael Mudd is an appointed expert to JTC-1 of the ISO. He is the chief representative of the Open Computing Alliance, in the APAC and MEA region. The OCA seeks to encourage productivity, growth and employment through new opportunities arising from standards and principles driven networked computing, together with respect for IPR and care for the environment.
