With GlobalSUITE® allows an effective implementation of the ISO 27018 standard by being fully adapted to the requirements required by the standard, not only for companies that are certified in ISO 27001,but those that decide to address the implementation of both standards.
Thanks to GlobalSUITE’s integrated approach®, the solution’s foundation can be leveraged to grow with the different modules and tools that make up the platform, thereby taking advantage of synergies and corresponding cost and time savings. The platform can be licensed in an integrated form or separately from each of its products.
Joint implementation of ISO 27001 and ISO 27018
The implementation of the standard brings great benefits to cloud data operators, more so with isO 27018 certification, which is only certified in conjunction with ISO 27001.
Private information in the cloud
The management model in the cloud can present some difficulties as identifying where the information is hosted, the protection measures applied in communication networks or how these organizations manage personally identifiable information of data subjects that is housed in their information systems. However, through a management system integrated with GlobalSUITE® everything is carried out in an automated, centralized and traceable way.
Reference consulting
Thanks to the experience in our consulting and auditing services of ISO 27001 and ISO 27002 in all types of organizations and sectors of activity we will work on the execution of a consultancy to ensure that your company takes into account the protection of the private information in the cloud, potentially affected by the processing and processing of personal information.
Our Team
Our team has more than 15 years of experience and is made up of:
Lawyers and engineers
Lead Auditor, ISO 27001, ISO 20000, ISO 22301, Lead Implementer.
DPD Certification
CISA, CISM, CGEIT, CRISC
PMP, ITIL, CDPP, COBIT 5 Foundations
ISO/IEC 27018provides a best practice base for the protection of personally identifiable information (PII) in the cloud for organizations that act as processors of this information, but
The ISO / IEC 27018 aims, in broad terms, to identify precisely how the provider manages the personal data of the interested parties, establishes the necessary procedures for any request or access to them thus offering customers full transparency in this regard.
Based on the safety checks set out in Annex A to ISO 27001 or the ISO 27002 Code of Good Practice, the standard adds safety requirements for Personally Identifiable Information (PII) about specific controlsIn this sense, out of the 114 controls proposed by Information Security standard, ISO 27018 establishes additional requirements on 15 controls, distributed among following clauses:
The standard defines 8 specific information privacy principles or controls, applicable to the cloud data manager and how to implement them, which is a set of requirements for PII protection. The principles in which it is based on are the following:
''We adapt your organization to ISO 27018, not only for companies that are certified in ISO 27001, but those that decide to address the implementation of both standards''
