Public Cloud Providers, Cloud Service Customers and Data Principals
It’s important to understand the scope of your services within the principles of ISO 27018. The Standard is intended for Public Cloud Providers where Customers use the facility to store or process the PII they hold.
In this respect, some of the data protection obligations towards the Data Principal (the individual to whom the PII relates) are placed on the Cloud Service Customer, that is, the entity using the Public Cloud Provider.
ISO 27001 + ISO 27018
ISO 27001, the standard for information security, is a good place to start, as it provides a framework for managing information security risks, with the added benefit of achieving a recognised certification to the Standard.
If ISO 27001 is already embedded in the organisation, the extended control set in ISO 27018 is a worthwhile addition that focuses on risks to personal data held in the provider's public cloud.
Assent have ISO 27018 Consultants who can help you understand the standard, implement the recommended controls in addition to ISO 27001, and measure and reduce risk to personal data.
Get started by purchasing a copy of the ISO 27018 standard from the BSI Shop.
ISO 27018 Gap Analysis
Many organisations find an ISO 27018 Gap Analysis a good first step, and our Consultants can work with you to identify gaps in your current documentation and processes.
Prepare for GDPR
Many of the privacy principles within ISO 27018 can help you work towards compliance with the General Data Protection Regulation. Find out more about GDPR.