ISO 27018:2019 provides guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles for the public cloud computing environment, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

ISO 27018 is relevant for organizations storing privacy sensitive data in the cloud

This add-on provides implementation guidelines for 14 existing ISO 27001 Annex A controls.

Next to that, the following 25 new controls are added:

  • Authorization for taking the physical media off-site
  • Confidentiality agreements for individuals who can access personal data
  • Deletion of data in storage assigned to other customers
  • Deletion of temporary files
  • Destruction of printed media with personal data
  • Disabling the usage of expired user IDs
  • Disclosing the information about all the sub-contractors used for processing the personal data
  • Disclosing to the cloud customer in which countries will the data be stored
  • Document management for cloud policies and procedures
  • Encrypting data that is transmitted over public networks
  • Ensuring the data reaches the destination
  • Not using the data for marketing and advertising
  • Notification to the customer in case of a data breach
  • Notification to the customer in case of a request for data disclosure
  • Policy for return, transfer and disposal of personal data
  • Procedure for data restoration
  • Processing the data only for the purpose for which the customer has rovided this data
  • Recording all the disclosures of personal data
  • Records of user access to the cloud
  • Restriction of printing the personal data
  • Restriction of usage of media that does not have encryption capability
  • Rights of the customer to access and delete the data
  • Specifying the minimum security controls in contracts with customers and subcontractors
  • Usage of unique IDs for cloud customers

Add-ons are delivered as a package for Confluence or Microsoft 365. Instructions for activation and merging are provided.

Pricing

€ 995

All prices are excluding applicable taxes (read more)

All our clients have passed certification the first time.
Join them today!

Order now   Book a demo