ISO 27018:2019 Protection of Personally Identifiable Information (PII)


What is ISO 27018?

ISO 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

The cloud offers organisations and consumers a variety of benefits: cost savings, flexibility and mobile access to information top the list. It also raises concerns about data protection and privacy, particularly around personally identifiable information (PII). PII includes any piece of information that can identify a specific individual. The more obvious examples include names, contact details or your mother's maiden name; less obvious examples are medical records, IP addresses and bank statements.

ISO/IEC 27018 has been published to allow Cloud Service Providers whose infrastructure is certified to the standard to tell their existing and potential customers that their data is safeguarded and won't be used for any purpose to which they have not specifically given consent.

What are the benefits of ISO 27018?

  • Inspires trust in your business – provides greater reassurance to your customers and stakeholders that personal data and information is protected
  • Competitive advantage – stand out from your competitors by protecting personal information to the highest level
  • Protects your brand – reduces the risk of adverse publicity due to data breaches
  • Reduces risks – ensures that risks are identified, and controls are in place to manage or reduce them
  • Protects against fines – ensures that local regulations are complied with, reducing the risk of fines for data breaches
  • Helps grow your business – provides common guidelines across different countries, making it easier to do business globally and gain access as a preferred supplier

What industries implement ISO 27018?

ISO 27018 certification is suitable for any organisation, large or small, in any sector. The standard is especially suitable where personal data such as payroll, HR or clients' payment details is stored in a cloud environment. Now that GDPR is in force, it is vital for organisations to demonstrate compliance and show how they are protecting their data, particularly data that is not stored in one location.

If your organisation is already implementing an ISO 27001 ISMS, then you are covered for 70% of the regulations within ISO 27001. However, if you are operating using cloud-based technologies, then ISO 27018 has been seen as an effective bolt-on standard, as companies wish to demonstrate GDPR compliance specifically for data that is stored in the cloud.

Certification EU

Block 20A, Beckett Way
Parkwest Business Park
Dublin 12
D12 P8R2


Telephone: +353 1 642 9300