ISO 27018 cloud privacy
Integrated management of private information in the cloud

Discover our software for protecting private information in the cloud

With GlobalSuite® allows an effective implementation of the ISO 27018 standard by being fully adapted to the requirements demanded by the standard, not only for companies that are certified in ISO 27001,but those that decide to address the implementation of both standards.

Your team will be able to focus on having threats and risks under control
Ensure that the company’s assets and information maintain its integrity, availability and confidentiality
Establish and operate traceability, monitoring and continuous improvement processes
Ensure compliance with all ISO 27018 standards on cloud privacy of the organization

Features

Risk Identification

Guidance of services and processes through asset inventory. Configuration of dimensions and valuation levels.

Risk Management

Catalogue of configurable controls and summary of them, management settings, risk reassessment, parameterizable questionnaires.

Risk Analysis

Parameterization of probability and impact, risk assessment, cost analysis, asset threats and configurable.

Risk Assessment

Definition of acceptable risk, acceptable risk levels, risk listing, risk map, simultaneous or dependent risks.

SGSI processes

It allows to manage the proposal of indicators, Differential Analysis, Declaration of Applicability, capacity management, management of changes and acquisitions, etc.

Continuity, Capacity and Training Plans

It allows you to track a history of each plan and assign metrics for tracking.

Integration with Power BI

Make the most of GlobalSuite data® by performing an executive dashboard in a Business Intelligence tool such as Power BI.

Documentary Manager

It allows the control of all the documentation, in different formats, so that it serves as support in the management of the continuity of the company

Balanced Scorecard

The comprehensive dashboard enables the management and strategic control of the organization through different metrics and indicators.

World-class companies and organizations already trust us
GlobalSUite imagen fondo Producto
ISO 27018 Consulting and Audit of Private Information in the Cloud

Do you know how you need to extend the requirements of ISO 27001 and ISO 27002 to take cloud privacy protection into account?

ISO/IEC 27018provides a good practice basis for the protection of personally identifiable information (PII) in the cloud for organizations that act as processors of this information, but ISO / IEC 27018 aims, in broad terms, to identify precisely how the provider manages the personal data of the interested parties, establishes the necessary procedures for any request or access to them thus offering customers complete transparency in this regard.

Based on the safety checks set out in Annex A to ISO 27001 or the ISO 27002 Code of Good Practice, the standard adds safety requirements for Personally Identifiable Information (PII) about specific controlsIn this sense, out of the 114 controls proposed by Information Security standard, ISO 27018 establishes additional requirements on 15 controls, distributed among following clauses:

  • Domain 5: Information Security Policies
  • Domain 6: Information Security Organization
  • Domain 7: Human Resources Security
  • Domain 9: Access Control
  • Domain 10: Cryptography
  • Domain 11: Physical and environmental safety
  • Domain 12: Operations security
  • Domain 13: Communications security
  • Domain 16: Incident Management
  • Domain 18: Compliance

The standard defines 8 specific information privacy principles or controls, applicable to the cloud data manager and how to implement them, which is a set of requirements for PII protection. The principles in which it is based on are the following:

  • Consent and choice
  • Purpose of legitimacy and specification
  • Data minimisation
  • Limit of use, retention and disclosure
  • Opening, transparency and notification
  • Responsibility
  • Information Security
  • Privacy compliance
  • It provides confidence in the protection of information from customers and stakeholders, protecting the image of the organization from access or data breach.
  • It allows you to identify the risks to which information is exposed (PII) by establishing controls for mitigation.
  • Differentiation from competitors in the same sector, providing protection to information under an international standard.
  • Protection against multan, providing a management system that protects the information of interested parties.
GSS Fondo chica con ordenador

The solution at a glance
Thanks to the integrated approach of GlobalSuite®, you can take advantage of the foundation of the solution to grow with the different modules and tools that make up the platform, and thus take advantage of the synergies and the corresponding savings in costs and time. The platform can be licensed in an integrated form or separately from each of its products.
Let's start a new project together