Keeping personally identifiable information (PII) safe has become a growing concern in recent years, leading to a flurry of extra legislation to protect it.
To provide guidance to companies that operate cloud services and also act as processors of PII, the ISO (International Organization for Standardization) has developed ISO 27018 as an extension of its Information Security Management Standard (ISO 27001).
ISO 27018 specifically targets cloud service businesses that process PII, providing relevant controls and guidance to keep this data safe. This enables businesses to demonstrate that they have robust processes in place, giving customers, stakeholders and suppliers far greater confidence in their operations.
ISO 27018 is a code of practice designed to protect personally identifiable information (PII) in public clouds.
It is an extension of ISO 27001, the Standard for Information Security Management, and it was designed to provide much-needed detail and guidance on the operation of cloud services. This can help you to create a more comprehensive, relevant and focused Information Security Management System (ISMS).
ISO 27018 also builds on ISO 27002, which provides implementation guidance for the security controls of ISO 27001. ISO 27018 includes these controls and expands upon them with additional controls that relate directly to the management of PII in public clouds.
Top benefits of achieving certification in ISO 27018 include:
The cost of ISO 27018 depends on whether you already have an existing ISO 27001 Information Security Management System.
ISO 27018 is an extension of the ISO 27001 Information Security Management System Standard, which means it cannot be implemented as a standalone product. If you haven’t yet achieved certification in this Standard, you will therefore need to implement ISO 27001 alongside ISO 27018 in order to achieve the certification you are looking for.
To get an idea of the costs, use our free fee calculator below or get in touch with our Sales Team on 0333 344 3646.
ISO 27001 is the international Standard for Information Security Management. It develops a robust framework within your business to manage information security and risk, which will help you to comply with stringent privacy laws, such as the General Data Protection Regulation (GDPR).
ISO 27018 is an extension of this Standard and gives more specific guidance and controls for the management of personally identifiable information (PII) within cloud services. This makes it a relevant and useful addition for businesses that act as data processors.
Becoming certified to ISO 27018 is a straightforward process, whether you are adding it to your existing ISO 27001 system or are implementing both.
During the process, our consultant will also identify your business and team members as information controllers, processors or both. This will depend on whether you are the person (or business) who determines the purposes for which, and the way in which, personal information is processed, or the person (or business) who processes personal information on behalf of the information controller. This early classification will remove unnecessary complexity.
A QMS Consultant will visit your Organisation to review and document your current processes and procedures, highlighting any areas that do not meet the requirements of the Standard.
Now it's time to make sure that any required process or procedural changes highlighted in the review are made. QMS can provide templates to assist you in doing this.
An auditor must now visit your organisation to check that the documented processes are being followed and that the necessary changes have been made. Once they are satisfied, you will be awarded your certification.
Once you have achieved certification the certification cycle will commence. This is made up of surveillance and re-certification audits, one of which must take place each year, around the anniversary of your certification. These visits confirm your continued compliance with the Standard and verify the validity of your certification.
Our digital management platform, QMS Connect, means that you can take control of your management systems at any time, in any place.
Equipped with simple navigation, real-time reporting and a collection of guides and videos to help you, QMS Connect is a secure and convenient platform for uploading and amending documents, assigning tasks and accessing a helpdesk ticketing system.
It also helps you engage your teams, capturing information that can hone your business decisions for more repeat customers and better customer satisfaction.
At QMS we are constantly updating our approach and process to meet the latest changes in how ISO 27018 works.