
Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO/IEC 27018 is a security standard that is part of the ISO/IEC 27000 family of standards. It was the first international standard about privacy in cloud computing services that was promoted by the industry. It was created in 2014 as an addendum to ISO/IEC 27001, the first international code of practice for cloud privacy. It helps cloud service providers who process personally identifiable information (PII) to assess risk and implement controls for protecting PII. It was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee.

Structure of the standard

The official title of the standard is "Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors". ISO/IEC 27018:2019 has eighteen sections, plus a long annex, which cover:
1. Scope
2. Normative References
3. Definitions and abbreviations
4. Cloud sector-specific concepts
5. Information security policies
6. Organization of information security
7. Human resource security
8. Asset management
9. Access control
10. Cryptography
11. Physical and environmental security
12. Operations security
13. Communications security
14. System acquisition, development and maintenance
15. Supplier relationships
16. Information security incident management
17. Information security aspects of business continuity management
18. Compliance


It provides greater security for customer data and information.
It makes the platform more reliable for the customer, achieving a higher level than the competition.
Faster enablement of global operations.
Streamlined contracts.
It provides legal protections for cloud providers and users.