ISO 27018 Consulting Services for CSPs

Prove You Can Protect Personal Data in Your Cloud

Know the Personal Data in Your Cloud Environment is Secure—and Prove It

Securely processing Personally Identifiable Information (PII) in your cloud environment, and proving you can do so, is becoming more challenging every day. New privacy regulations (like CCPA) coupled with pressure from customers and management have made running a secure cloud environment notably more challenging than it was just a few years ago.

To attract and keep customers and steer clear of data breaches and regulatory penalties, today's cloud service providers (CSPs) need to prove to prospects, shareholders, business partners, their own management and plenty of others that they are securing PII.

With Pivot Point Security as your trusted partner, proving conformance with ISO 27018 year over year as an adjunct to your ISO 27001 certification is a guaranteed reality. Our clients demonstrate enhanced cloud security postures, including the ability to provably protect PII. They can prove to any regulator or other stakeholder the PII they handle is secure and their processing of PII is in compliance with applicable regulations.

Quick info on ISO 27018

ISO/IEC 27018:2019 Information technology — Security techniques — Code of practice for protection of PII in public clouds acting as PII processors establishes best-practice controls and guidelines for protecting PII in public cloud computing environments. It is based on the privacy principles described in ISO 29100, as well as the information security controls specified in ISO 27002.

ISO 27018 extends both these standards to encompass regulatory requirements for the protection of PII in the context of public cloud services. It is applicable to any organization that processes PII using cloud services under contract to other organizations.

CSPs can extend the scope of their ISO 27001-compliant Information Security Management System (ISMS) to include the additional controls needed to attain conformance with ISO 27018.

Quick note: if you are struggling with multiple standards, or running independent privacy and information security programs, you may want to look at ISO 27701, which is intended to solve these problems.

Benefits for CSPs to Align with ISO 27018

Cloud services providers that handle PII can gain significant business benefits from demonstrating conformance with ISO 27018 controls. These benefits include:

  • Improved customer and stakeholder confidence that PII is being properly secured
  • Simplified ability to do business globally or in multiple regions/countries
  • Streamlined contract negotiation
  • Improved ability to comply with evolving laws and regulations governing the handling of PII in the cloud
  • Reduced cost of cyber liability insurance (CLI)

Pivot Point Security's ISO 27018 consulting services will help your CSP strategize, operationalize and certify a robust and effective ISMS, with associated controls specific to PII in the public cloud. Our experts have the cloud security experience it takes to guarantee that your environment conforms to the ISO 27018 standard.

ISO 27018 Frequently Asked Questions

What is ISO 27018?

A member of the ISO 27000 family of international information security standards, ISO 27018 provides guidance on information security issues and regulatory requirements specific to protecting Personal Information (PI) in the cloud. It is based on privacy principles described in ISO 29100 and information security guidelines described in ISO 27002. The primary audience for this standard is businesses that process PI in the cloud under contract to other organizations. Organizations considering ISO 27018 should consider ISO 27701 as an alternative, as it is a superset of ISO 27018 and provides the additional advantage of integrating Privacy into the Management System and being a certifiable standard.

Benefits of Our ISO 27001 + ISO 27018 As-A-Service Model

  • Achieve conformance at your own pace – We offer dedicated ISO 27018 expertise on tap, so you'll have the information, documentation and staff augmentation you need, when you need it.
  • Chart a roadmap and stay on course – Regular status/coordination meetings between our ISO 27018 specialists and your in-house team will keep your project on course.
  • Minimize time and expense – Our dedicated expertise, proven processes and standards-aligned artifacts will save you time and money during your conformance process.
  • Ensure your business meets ISO 27018 requirements – Pivot Point Security will ensure your success by validating that your applicable controls and processes conform to the ISO 27018 guidance.
  • Ensure you achieve ISO 27001 certification – We provide onsite support to ensure a successful ISO 27001 certification audit, including the extended scope of your ISO 27018 controls.
  • Make sure you maintain ISO 27018 conformance – Pivot Point Security can provide whatever ongoing support you need to operate your ISMS in a way that protects PII. We can also help you continually improve your data protection posture, implement your Internal Audit Program, and maintain ISO 27018 conformance over time within the scope of your ISO 27001 certification.