ISO 27018 Consultants

The standard for Personally Identifiable Information in Public Clouds

Cloud services now play a part in our daily lives, and it is inevitable that Personally Identifiable Information (PII) will be stored and/or processed in the Public Cloud.

Public Cloud Providers include many of the apps and Software as a Service (SaaS) offerings you might recognise, but the term also applies to the platforms those applications run on, including Infrastructure as a Service (IaaS).

ISO 27018 provides an internationally recognised standard for protecting PII in Public Clouds. Our ISO 27018 Consultants can help you implement best practices to meet Data Protection Legislation and provide reassurance to customers and Cloud users.

ISO 27018 is part of the ISO 27000 family of Information Security Standards. In part it extends some of the Controls of ISO 27001/ISO 27002 by adding PII-specific guidance; in other cases it makes guidance that is only recommended in ISO 27002 mandatory.

ISO 27018 also provides an annex of additional controls (A.1 to A.11) based on the 11 Privacy Principles in ISO 29100.

Essentially, this extended control set helps the organisation manage the specific risks inherent in a Cloud environment and meet data protection legislative requirements.

Public Cloud Providers, Cloud Service Customers and Data Principals

It’s important to understand the scope of your services within the principles of ISO 27018. The Standard is intended for Public Cloud Providers whose Customers use the facility to store or process the PII they hold.

In this respect, some of the data protection obligations to the Data Principal (the individual person) are placed on the Cloud Service Customer – that is, the entity using the Public Cloud Provider.

ISO 27001 + ISO 27018

ISO 27001, the standard for information security, is a good place to start, as it provides a framework for managing information security risks and offers the benefit of achieving a recognised Certification.

If ISO 27001 is already embedded in the organisation, the extended control set in ISO 27018 is a natural next step, focusing on risks related to personal data in the provider’s public cloud.

Assent have ISO 27018 Consultants who can help you understand the standard, implement the recommended controls in addition to ISO 27001, and measure and reduce risk to personal data.

ISO 27018 Gap Analysis

Many organisations find an ISO 27018 Gap Analysis a good first step, and our Consultants can work with you to identify gaps in your current documentation and processes.

Prepare for GDPR

Many of the Privacy Principles within ISO 27018 can help you work towards the General Data Protection Regulation (GDPR).

ISO 27018 Case Studies

CANCOM

CANCOM UK helps their clients benefit from Digital Transformation worldwide. They support corporate and public sector organisations with their award-winning IT products, solutions and services.…

Why Choose Us for ISO 27018?

Proven Track Record

Public Cloud Knowledge

Over 20 Years Experience

Thought Leadership

Competent Consultant

ISO 27018 Testimonials

“Darktrace set its sights on becoming one of the first AI cybersecurity vendors to achieve ISO 42001:2023 – a standard that the industry was still trying to get its head around at the time we started our journey.

Assent’s support in both implementing a new [AI] management system, and auditing against the requirements of the newly published ISO 42001 standard played a vital role in ensuring Darktrace was ready to proceed with the Stage 1 and Stage 2 audits, and ultimately, achieve certification with the British Standards Institution (BSI), amongst some of the first in our industry.

Thanks to our long-standing relationship with Garry Renton and the team at Assent, we were able to comprehensively break down and implement the requirements of the standard and use Garry’s existing knowledge of our management system to our advantage. This helped speed up the process by drawing out any issues and closing gaps early on. ISO 42001 is a critical milestone for Darktrace as we continue to mature our governance and compliance framework. This achievement expands Darktrace’s current certified compliance framework, which includes our ISO 27001:2022 and ISO 27018:2019 certifications – all of which Assent has been instrumental in providing support, expertise and auditing over the years.”

Darktrace

William Booth

Director, Cybersecurity Compliance


“Garry was professional, fair and thorough. He has a great audit style and technique.

Jazmin is very pleasant to deal with and efficient; audits with both Rob and Garry have definitely had the ‘human touch’ – great relationship building and a more personal approach.”

CANCOM

Jamie Cottage, Kate Pollard