ISO 27018 Protection of Personally Identifiable Information (PII)

ISO 27018 is the international standard organisations use to implement and manage controls that protect Personally Identifiable Information (PII), such as sensitive customer data, in public cloud services. It builds on ISO 27001 and ISO 27002, extending the ISO 27002 controls with guidance specific to cloud service providers that process PII on behalf of their customers. Implementing these controls effectively and having them independently certified increases customer trust and helps meet data protection regulations.

ISO 27018 certification

» Achieve ISO 27018 certification with an internationally accredited certification body.

» Gain a competitive advantage through robust data protection systems and management.

» Provide stakeholders and investors reassurance about cloud-based PII protection.

» Demonstrate compliance with data protection regulations such as GDPR.

» Bid for contracts and tenders that require ISO 27018:2019 certification.

» Suitable for organisations of all sizes – from SMEs and corporates to charities.

What is ISO 27018?

ISO 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in the public cloud computing environment, in accordance with the privacy principles in ISO/IEC 29100. It is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and ISO/IEC 27018:2019 is the current version. The standard is written for cloud service providers acting as PII processors, so that a provider whose cloud services are certified against it can reassure existing and potential customers that their data is safeguarded and will not be used for purposes to which the data subject (the "PII principal" in the standard's terminology) has not consented. With ISO 27018 certification you can demonstrate to customers, investors and stakeholders that you have systems and processes in place designed to safeguard data in the cloud and to comply with aspects of data protection regulations such as GDPR. Note that ISO 27018 is a code of practice rather than a stand-alone management system standard: it is normally assessed as an extension of an ISO 27001 information security management system (ISMS), so an ISMS is expected to be in place.

The standard provides a framework that helps organisations:

» Implement PII protection controls within the organisation's information security management system.

» Develop a clear understanding of the obligations of cloud service providers that process PII, and of good practice for meeting them.

» Work towards satisfying the requirements of other international standards linked to ISO 27018, such as ISO 27001 and ISO 27017.

» Reduce the risk of data breaches or data misuse arising from cloud-based storage and processing.

» Deliver operational efficiencies and clear accountability throughout the organisation.

What are the benefits of ISO 27018?

ISO 27018 inspires trust in your business, reassuring customers and stakeholders that personal data is protected. The cloud offers organisations and consumers a variety of benefits, such as cost savings, flexibility and mobile access to information, and sensitive PII – including medical records, financial information and online identifiers such as IP addresses – is increasingly stored and processed on cloud-based services. ISO 27018 helps organisations develop robust controls to mitigate the risk of data misuse and protect that data.

ISO 27018 certification allows organisations to:

» Gain a competitive advantage – stand out from your competitors by protecting personal information.

» Protect your brand or organisational reputation – reduces the risk of adverse publicity due to data breaches.

» Reduce risks – risks to PII are identified, and controls are put in place to manage or reduce them.

» Protect yourself against fines – supports compliance with local data protection regulations, reducing the risk of penalties following a data breach.

» Help grow your business – provides a common set of controls recognised across countries, making it easier to do business globally.

How to become ISO 27018 certified

Implementing ISO 27018 means embedding PII safeguarding measures into your information security management system. Certification Europe has certified hundreds of organisations and helped them meet ISO standards, including Liverpool Victoria, Greenstar and Thornton's Recycling. Our qualified ISO assessors conduct a pre-assessment to review whether your existing systems and processes meet the requirements of ISO 27018. Certification Europe then conducts assessments using a multi-stage process to ensure a comprehensive evaluation. If your organisation meets the ISO 27018:2019 requirements, we issue an official certificate and other materials you can use for marketing and promotional purposes.

Start your ISO 27018 certification journey

Contact our dedicated ISO support team for a free, no-obligation quotation to start your ISO certification journey. We tailor our quotes to your requirements, and we support a range of ISO standards, including ISO 27001, ISO 27017 and Cyber Essentials. Learn more about Certification Europe's accreditations, discover our client testimonials and find out more about working with us.

The Certification Journey

Stage One

The initial assessment determines whether the mandatory requirements of the standard are being met and whether the management system is ready to proceed to Stage Two.

Stage Two

The second assessment determines the effectiveness of the system, and seeks to confirm that the management system is implemented and operational.

Recommendation for Certification

At this point in the process we review any corrective actions taken to address findings raised at Stage One and Stage Two. Certification may be recommended.

Certification Review & Decision

The organisation's files are reviewed by an independent and impartial panel and the certification decision is made.

Certification Achieved

Successful certification is communicated to the client. Certificates are issued.