With GlobalSUITE® allows an effective implementation of the ISO 27018 standard by being fully adapted to the requirements required by the standard, not only for companies that are certified in ISO 27001,but those that decide to address the implementation of both standards.
Thanks to GlobalSUITE’s integrated approach®, the solution’s foundation can be leveraged to grow with the different modules and tools that make up the platform, thereby taking advantage of synergies and corresponding cost and time savings. The platform can be licensed in an integrated form or separately from each of its products.
In our organization we had been with the Systems of Continuity, Security and Protection of Data implemented for several years. Each was taken separately with its manager until we saw that it was no longer efficient to manage it as well. GlobalSUITE® was key in advising us throughout the implementation process on how to operate the systems in an integrated way, helping us achieve significant time savings and gain efficiency in the day to day.
CIO
GlobalSUITE® has been a great help in the process of continuous improvement and monitoring of our information security management system. We are very happy with the team about how they accompanied us in this transition from Excel to optimized management.
Director of Security
Joint implementation of ISO 27001 and ISO 27018
The implementation of the standard brings great benefits to cloud data operators, more so with isO 27018 certification, which is only certified in conjunction with ISO 27001.
Private information in the cloud
The management model in the cloud can present some difficulties as identifying where the information is hosted, the protection measures applied in communication networks or how these organizations manage personally identifiable information of data subjects that is housed in their information systems. However, through a management system integrated with GlobalSUITE® everything is carried out in an automated, centralized and traceable way.
Do you know how you need to extend the requirements of ISO 27001 and ISO 27002 to take cloud privacy protection into account?
Reference consulting
Thanks to the experience in our consulting and auditing services of ISO 27001 and ISO 27002 in all types of organizations and sectors of activity we will work on the execution of a consultancy to ensure that your company takes into account the protection of the private information in the cloud, potentially affected by the processing and processing of personal information.
Our Team
Our team has more than 15 years of experience and consists of: Lawyers and Engineers Lead Auditor, ISO 27001, ISO 20000, ISO 22301, Lead Implementer. CERTIFICATION of DPD CISA, CISM, CGEIT, CRISC PMP, ITIL, CDPP, COBIT 5 Foundations
ISO/IEC 27018provides a good practice basis for the protection of personally identifiable information (PII) in the cloud for organizations that act as processors of this information, but ISO / IEC 27018 aims, in broad terms, to identify precisely how the provider manages the personal data of the interested parties, establishes the necessary procedures for any request or access to them thus offering customers complete transparency in this regard.
Based on the safety checks set out in Annex A to ISO 27001 or the ISO 27002 Code of Good Practice, the standard adds safety requirements for Personally Identifiable Information (PII) about specific controlsIn this sense, out of the 114 controls proposed by Information Security standard, ISO 27018 establishes additional requirements on 15 controls, distributed among following clauses:
The standard defines 8 specific information privacy principles or controls, applicable to the cloud data manager and how to implement them, which is a set of requirements for PII protection. The principles in which it is based on are the following:
''We adapt your organization to ISO 27018, not only for companies that are certified in ISO 27001, but those that decide to address the implementation of both standards''
