ISO 27018

Overview

ISO 27018 provides an internationally recognisable standard for protecting PII in Public Clouds. Bridewell’s ISO 27018 Consultants can help you implement best practices to meet Data Protection Legislation and provide reassurance to customers and cloud users.

What is ISO 27018?

ISO/IEC 27018:2019 is a code of practice for the protection of Personally Identifiable Information (PII) in public clouds acting as PII processors. ISO 27018 is an internationally recognised standard which has been adopted by many organisations.

It confirms that an organisation has established objectives, controls and guidelines for implementing PII protection measures. These measures are aligned with the privacy principles in ISO/IEC 29100 for a public cloud computing environment.

It specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII. These requirements are applicable within the context of the information security risk environment of a provider of public cloud services.

What Sets Us Apart?

Our comprehensive range of services is designed to handle the complexity of today’s data-intensive way of life, as well as its increasing regulatory burden. Our success is based on: 

  • A deep understanding of IT infrastructure frameworks, cloud technologies and cloud security
  • An ability to design, implement and deploy for businesses of all sizes
  • A firm grasp of the business realities faced by enterprises in multiple sectors
  • Comprehensive ISO27001, ISO9001 and Cyber Essentials certification
  • A sophisticated menu of security solutions for Office 365, AWS and Microsoft Azure
  • Managed services capability through our Security Operations Centre

Who is ISO 27018 For?

Every Type of Business

ISO 27018 is applicable to organisations of any size and industry, including public and private companies, government entities and nonprofit organisations. Any organisation can seek ISO 27018 certification if it provides information processing services as a PII processor (via cloud computing) under contract to other organisations.

How Can ISO 27018 Secure the Cloud?

Many organisations rely on private, public and hybrid cloud services for storage space, computing power or services. In addition to the many benefits of using the cloud, there are risks such as unauthorised access to personal data that can result in data breaches or compromised integrity.

ISO 27018 works by augmenting existing ISO 27002 controls (ISO 27002 provides a detailed explanation of ISO 27001 security controls) with specific items for cloud data privacy, and it also provides completely new security controls for personal data.

ISO 27018 covers the following controls, listed within Annex A, that should be implemented so as to increase the level of protection of PII in the cloud:

How Can Bridewell Help?

Bridewell’s experienced and certified data privacy and cyber security consultants can provide various levels of support, help and training to organisations looking to align to or achieve ISO27018 certification. We provide bespoke services that are tailored to individual client requirements, and we aim to add value through dedicated support.

This support has been built from our wealth of industry insight, awareness and expertise, which we will use to deliver bespoke solutions to your organisation.
