ISO 27018 cloud privacy

Integrated management of private information in the cloud

Software Protection Private Information in the Cloud

Discover our software for protecting private information in the cloud

With GlobalSUITE® allows an effective implementation of the ISO 27018 standard by being fully adapted to the requirements required by the standard, not only for companies that are certified in ISO 27001,but those that decide to address the implementation of both standards.

Your team will be able to focus on having threats and risks under control

Ensure that the company’s assets and information maintain its integrity, availability and confidentiality

Establish and operate traceability, monitoring and continuous improvement processes

Ensuring compliance with all ISO 27018 privacy regulations in the organization’s nuba

Features

Risk Identification

Guidance of services and processes through asset inventory. Configuration of dimensions and valuation levels.

Risk Management

Catalogue of configurable controls and summary of them, management settings, risk reassessment, parameterizable questionnaires.

Risk Analysis

Parameterization of probability and impact, risk assessment, cost analysis, asset threats and configurable.

Risk Assessment

Definition of acceptable risk, acceptable risk levels, risk listing, risk map, simultaneous or dependent risks.

SGSI processes

It allows to manage the proposal of indicators, Differential Analysis, Declaration of Applicability, capacity management, management of changes and acquisitions, etc.

Continuity, Capacity and Training Plans

It allows you to track a history of each plan and assign metrics for tracking.

Integration with Power BI

It exploits GlobalSUITE data to the maximum® by making an executive dashboard in a Business Intelligence tool such as PowerBI.

Documentary Manager

It allows the control of all the documentation, in different formats, to support the management of the continuity of the company.

Balanced Scorecard

The comprehensive dashboard enables the management and strategic control of the organization through different metrics and indicators.

Contact one of our experts now!

Más información

The solution at a glance

Thanks to GlobalSUITE’s integrated approach®, the solution’s foundation can be leveraged to grow with the different modules and tools that make up the platform, thereby taking advantage of synergies and corresponding cost and time savings. The platform can be licensed in an integrated form or separately from each of its products.

Product sheet

Request a demo

Our customers get more than software

No results found.

World-class companies and organizations already trust us

Joint implementation of ISO 27001 and ISO 27018

The implementation of the standard brings great benefits to cloud data operators, more so with isO 27018 certification, which is only certified in conjunction with ISO 27001.

Private information in the cloud

The management model in the cloud can present some difficulties as identifying where the information is hosted, the protection measures applied in communication networks or how these organizations manage personally identifiable information of data subjects that is housed in their information systems. However, through a management system integrated with GlobalSUITE® everything is carried out in an automated, centralized and traceable way.

ISO 27018 cloud private information consultancy

Do you know how you need to extend the requirements of ISO 27001 and ISO 27002 to take cloud privacy protection into account?

Reference consulting

Thanks to the experience in our consulting and auditing services of ISO 27001 and ISO 27002 in all types of organizations and sectors of activity we will work on the execution of a consultancy to ensure that your company takes into account the protection of the private information in the cloud, potentially affected by the processing and processing of personal information.

Our Team

Our team has more than 15 years of experience and is made up of:

Lawyers and engineers
Lead Auditor, ISO 27001, ISO 20000, ISO 22301, Lead Implementer.
DPD Certification
CISA, CISM, CGEIT, CRISC
PMP, ITIL, CDPP, COBIT 5 Foundations

ISO/IEC 27018provides a best practice base for the protection of personally identifiable information (PII) in the cloud for organizations that act as processors of this information, but

The ISO / IEC 27018 aims, in broad terms, to identify precisely how the provider manages the personal data of the interested parties, establishes the necessary procedures for any request or access to them thus offering customers full transparency in this regard.

Based on the safety checks set out in Annex A to ISO 27001 or the ISO 27002 Code of Good Practice, the standard adds safety requirements for Personally Identifiable Information (PII) about specific controlsIn this sense, out of the 114 controls proposed by Information Security standard, ISO 27018 establishes additional requirements on 15 controls, distributed among following clauses:

Domain 5: Information Security Policies
Domain 6: Information Security Organization
Domain 7: Human Resources Security
Domain 9: Access Control
Domain 10: Cryptography
Domain 11: Physical and environmental safety
Domain 12: Operations security
Domain 13: Communications security
Domain 16: Incident Management
Domain 18: Compliance

The standard defines 8 specific information privacy principles or controls, applicable to the cloud data manager and how to implement them, which is a set of requirements for PII protection. The principles in which it is based on are the following:

Consent and choice
Purpose of legitimacy and specification
Data minimisation
Limit of use, retention and disclosure
Opening, transparency and notification
Responsibility
Information Security
Privacy compliance

It provides confidence in the protection of information from customers and stakeholders, protecting the image of the organization from access or data breach.
It allows you to identify the risks to which information is exposed (PII) by establishing controls for mitigation.
Differentiation from competitors in the same sector, providing protection to information under an international standard.
Protection against multan, providing a management system that protects the information of interested parties.

''We adapt your organization to ISO 27018, not only for companies that are certified in ISO 27001, but those that decide to address the implementation of both standards''

Let’s start a new project together

Más información

Discover our software for protecting private information in the cloud

No results found.

ISO 27018 cloud private information consultancy

What is ISO 27018 and what does it specifically propose?

Controls Declaration of Applicability

Specific information privacy controls

Benefits