ISO 27018:2019


ISO 27018:2019 is a code of practice that focuses on Personally Identifiable Information (PII) in the cloud. Its implementation guidelines apply ISO/IEC 27002 controls to PII in the public cloud.

ISO 27018 Certification

What are the benefits of ISO 27018 certification?

  • Comply with a number of legal & regulatory acts on PII in various regions (GDPR, HIPAA, POPI, etc.)
  • Comply with applicable obligations for protecting PII processing
  • Transparency to your customers on their PII
  • Enter into a contractual agreement for better decision making & understanding
  • Demonstrate effective implementation of PII protection
  • Data management in the cloud (data minimization, data transfer, backup, capacity management, etc.)

What are the requirements of ISO 27018:2019?

  • Legal, Statutory, Regulatory and Contractual Requirements
  • Identifying risks associated with processing PII in the organization & its interested parties (stakeholders, service providers, patrons, etc.)
  • Corporate Policy – Most of the policies are covered under legal & socio-cultural obligations; an organization may also create other internal policies beyond the criteria derived from the standard's requirements
  • Consents, transparency, communication security, physical & environmental security & operational security
  • Defined Vendor Management, Incident Management & Business Continuity Management
  • Defining the Statement of Applicability (SoA)

Who can get ISO 27018 certification?

All types of organizations providing information processing services as PII processors & controllers through cloud computing, under a contractual agreement with other organizations.

Basically, all cloud service providers (AWS, Google Cloud, Azure, etc.) can be certified against the above standard.
