ISO/IEC 27018:2019

ISO/IEC 27018:2019 is a code of practice for information security aimed at cloud service providers that process personally identifiable information on behalf of their customers. It extends ISO/IEC 27001:2013 and ISO/IEC 27002 with supplementary security controls.

It sets out privacy requirements and augments the security controls so that cloud service providers can implement them effectively.

The standard is used alongside ISO 27017:2015, which covers security controls for cloud services, and ISO 27701:2019, a framework for privacy information management. Like ISO 27018, both build on the foundational principles of ISO 27001:2013.

As an extension to ISO 27001, ISO 27018 gives implementation guidance on 16 controls drawn from ISO 27002 and adds 25 new controls dedicated to privacy and security.

These cover cooperation with personally identifiable information (PII) controllers, protection of the rights of PII principals, compliance with core privacy requirements such as data minimization and accuracy, and the principles of transparency and accountability.

It also specifies supplementary security controls and sets requirements for sub-contracted processing.
