ISO 27018 add-on

ISO 27018 is relevant for organizations storing privacy sensitive data in the cloud

This add-on provides implementation guidelines for 14 existing ISO 27001 Annex A controls.

Next to that, the following 25 new controls are added:

  • Authorization for taking the physical media off-site
  • Confidentiality agreements for individuals who can access personal data
  • Deletion of data in storage assigned to other customers
  • Deletion of temporary files
  • Destruction of printed media with personal data
  • Disabling the usage of expired user IDs
  • Disclosing the information about all the sub-contractors used for processing the personal data
  • Disclosing to the cloud customer in which countries will the data be stored
  • Document management for cloud policies and procedures
  • Encrypting data that is transmitted over public networks
  • Ensuring the data reaches the destination
  • Not using the data for marketing and advertising
  • Notification to the customer in case of a data breach
  • Notification to the customer in case of a request for data disclosure
  • Policy for return, transfer and disposal of personal data
  • Procedure for data restoration
  • Processing the data only for the purpose for which the customer has rovided this data
  • Recording all the disclosures of personal data
  • Records of user access to the cloud
  • Restriction of printing the personal data
  • Restriction of usage of media that does not have encryption capability
  • Rights of the customer to access and delete the data
  • Specifying the minimum security controls in contracts with customers and subcontractors
  • Usage of unique IDs for cloud customers


  • ISO 27018 add-on ISMS: € 795 (for existing Instant 27001 clients)
  • Instant 27001 + ISO 27018 add-on: € 2590

Prices do not include local taxes (read more).

Order now | Request a demo