What is the purpose of ISO/IEC 27018:2019?
ISO/IEC 27018:2019 was established as the international standard for protecting Personally Identifiable Information (PII) in public cloud storage and processing services.
It is a code of practice for public cloud service providers. A PII processor, in this context, is any public cloud service provider that processes information containing personal data on behalf of its clients.
ISO/IEC 27018:2019 aims to:
- Provide supporting implementation guidance (on top of ISO/IEC 27002) for the relevant controls in ISO/IEC 27001
- Identify additional guidance on PII protection requirements for the public cloud that are not covered by ISO/IEC 27001
What are the objectives of ISO/IEC 27018:2019?
ISO/IEC 27018:2019 provides guidance across the information security control categories. The standard is aimed at public cloud service providers that act as PII processors.
Its key objectives are to:
- Help the public cloud PII processor fulfil its obligations
- Provide guidance for public cloud services that act as PII processors under contract
- Enhance transparency and enable cloud service clients to access secure and well-maintained PII processing services
- Help cloud service providers and their clients establish contractual agreements for processing PII
- Provide cloud service clients with a method for audit and compliance