Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing
measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in
ISO/IEC
29100 for the public cloud computing environment.
In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the
regulatory requirements for the protection of PII which might be applicable within the context of the
information
security risk environment(s) of a provider of public cloud services.
ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private
companies,
government entities, and not-for-profit organizations, which provide information processing services as PII
processors via cloud computing under contract to other organizations.
The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as PII controllers; however,
PII
controllers can be subject to additional PII protection legislation, regulations and obligations, not applying
to
PII processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations.
OneUptime has achieved ISO 27018 compliance.
To request the certificate please contact: iso@oneuptime.com