ISO 27018

Protection of Personally Identifiable Information (PII)

ISO 27018 is the global standard organisations use to implement and manage systems that protect Personally Identifiable Information (PII), such as sensitive customer data. It belongs to the ISO 27000 family and builds on ISO 27001 and ISO 27002, but ISO 27018 focuses specifically on safeguarding PII stored and processed in public cloud services. Implementing effective systems and becoming ISO 27018 certified increases customer trust and helps your organisation meet data protection regulations.


ISO 27018 certification

  • Achieve ISO 27018 certification with an internationally accredited certification body.
  • Gain a competitive advantage through robust data protection systems and management.
  • Reassure stakeholders and investors about the protection of cloud-based PII.
  • Demonstrate compliance with data protection regulations such as GDPR.
  • Bid for contracts and tenders that require ISO 27018:2019 certification.
  • Suitable for organisations of all sizes, from SMEs and corporates to charities.

What is ISO 27018?

ISO 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

ISO 27018 was developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which is why it is formally cited as ISO/IEC 27018. ISO/IEC 27018:2019 is the current version of the international standard. With ISO 27018 certification, you will be able to demonstrate to customers, investors and stakeholders that you have systems and processes in place designed to safeguard data in the cloud and to comply with aspects of data protection regulations such as GDPR.

ISO/IEC 27018 was published to allow cloud service providers whose infrastructure is certified to the standard to reassure existing and potential customers that their data is safeguarded and will not be used for purposes to which the data subject has not consented.

ISO 27018 provides a framework that helps organisations:

  • Implement PII protection controls within the organisation's information security management system.
  • Develop a strong understanding of cloud service providers and their practices.
  • Work towards satisfying the requirements of other international standards linked to ISO 27018.
  • Reduce the risk of data breaches or data misuse arising from cloud-based storage and processing.
  • Provide operational efficiencies and clear accountability throughout the organisation.

What are the benefits of ISO 27018?

ISO 27018 inspires trust in your business, reassuring customers and stakeholders that personal data is protected.

The cloud offers organisations and consumers a variety of benefits such as cost savings, flexibility and mobile access to information. Sensitive personally identifiable information (PII), including medical records, financial information and online identifiers such as IP addresses, can be stored and processed on cloud-based services. ISO 27018 helps organisations develop robust controls to mitigate data misuse risks and protect sensitive data.

ISO 27018 certification allows organisations to:

  • Gain a competitive advantage – stand out from your competitors by demonstrably protecting personal information.
  • Protect your brand or organisational reputation – reduce the risk of adverse publicity from data breaches.
  • Reduce risks – ensure that risks are identified and that controls are in place to manage or reduce them.
  • Protect yourself against fines – ensure that local regulations are complied with, reducing the risk of penalties following a data breach.
  • Help grow your business – common guidelines across different countries make it easier to do business globally.


How to become ISO 27018 certified

Implementing ISO 27018 means embedding PII safeguarding measures into your existing information security management system so that PII stored or processed in the cloud is protected.

Certification Europe has granted certification to hundreds of organisations and helped them reach ISO standards, including Liverpool Victoria, Greenstar, and Thornton’s Recycling.

Our qualified ISO assessors conduct a pre-assessment to review whether your organisation meets the standard requirements for ISO 27018 with existing systems and processes. Certification Europe conducts assessments using a multi-stage process to ensure a comprehensive evaluation.

If your organisation meets the ISO 27018:2019 requirements, we will issue an official certificate and other materials you can use for marketing and promotion.

Start your ISO 27018 certification journey

Contact our team for a free, no-obligation quotation from our dedicated ISO support team to start your ISO certification journey. We tailor our quotes to meet your requirements, and we support a range of ISO standards, including ISO 27001, ISO 27017 and Cyber Essentials.

Learn more about Certification Europe’s accreditations, discover our client testimonials and find out more about working with us.

The Certification Journey

Stage One

The initial assessment determines if the mandatory requirements of the standard are being met and if the management system is capable of proceeding to Stage 2.

Stage Two

The second assessment determines the effectiveness of the system, and seeks to confirm that the management system is implemented and operational.

Recommendation for Certification

At this point in the process we review any corrective actions taken to address findings raised at Stage 1 & 2. Certification may be recommended.

Certification Review & Decision

The organisation's files are reviewed by an independent and impartial panel, and the certification decision is made.

Certification Achieved

Successful certification is communicated to the client. Certificates are issued.

ISO 27018 FAQs

ISO 27018 certification is suitable for any organisation, large or small, in any sector.

The standard is especially suitable where personal data such as payroll, HR records or client payment details is stored in a cloud environment. Organisations that collect, process and store personal data subject to GDPR must demonstrate compliance and show how they protect that data.

If your organisation has already implemented an ISO 27001 ISMS, then around 70% of the controls within ISO 27018 are already covered. However, if you operate using cloud-based technologies, ISO 27018 is an effective bolt-on standard for companies that wish to demonstrate GDPR compliance specifically for data stored in the cloud.

ISO 27018:2019 is the latest edition of the ISO 27018 standard. Certification Europe assessors only certify organisations against the latest edition.

ISO 27018 certification is valid for a three-year cycle. During this period, assessors complete routine surveillance assessments every six months to confirm continued compliance with the ISO 27018 standard.

We’re INAB accredited and always strive to meet rigorous international certification standards.

Accreditation is the process by which a certification body is recognised to offer certification services to other organisations.

To become accredited, Certification Europe is required to implement a Quality Management System which is assessed by an independent authorised body (the Irish National Accreditation Board, INAB) to determine that it meets international standards.

We’re audited annually to ensure our services meet the exact requirements of the relevant accreditation standards.

Get a Quote

To help us prepare the best quotation for you, please complete the form below. We will get back to you as soon as possible; but if you need immediate assistance, please call +353 1 642 9300.

Related ISO Certifications

ISO 9001

Quality Management System

ISO 9001 is an internationally recognised global standard that confirms an …

ISO 14001

Environmental Management System

ISO 14001 is the global standard for organisations wanting …

ISO 45001

Occupational Health and Safety

ISO 45001 is an international standard that specifies requirements for …

ISO 50001

Energy Management System

ISO 50001 is a global standard for organisations looking to improve …

ISO 27001

Information Security Management Systems

ISO 27001 is the international standard for managing risks related …

ISO 22301

Business Continuity Management Systems

ISO 22301 is the business continuity management system (BCMS) standard. …

ISO 20000-1

IT Service Management Systems

ISO 20000-1 is the international standard for quality management specifically …

ISO 13485

Medical Devices

ISO 13485 is a globally recognised quality standard that identifies the requirements …

ISO 27701

Privacy Information Management Systems

ISO 27701 is the global standard for Privacy Information Management …

BS 10012

Personal Information Management System

BS 10012 provides a framework for a Personal Information Management …

ISO 27018

Protection of Personally Identifiable Information (PII)

ISO 27018 is the global standard organisations use …

ISO 27017

Cloud Data Protection

ISO 27017 is the global standard used by organisations to strengthen …