GlobalSUITE® allows an effective implementation of the ISO 27018 standard by being fully adapted to the requirements of the standard, not only for companies that are already certified in ISO 27001, but also for those that decide to implement both standards together.
Discover our software for protecting private information in the cloud
Thanks to GlobalSUITE®'s integrated approach, the solution's foundation can be leveraged to grow with the different modules and tools that make up the platform, taking advantage of synergies and the corresponding savings in cost and time. The platform can be licensed as an integrated whole or separately for each of its products.
Joint implementation of ISO 27001 and ISO 27018
The implementation of the standard brings great benefits to cloud data operators, even more so with ISO 27018 certification, which can only be certified in conjunction with ISO 27001.
Private information in the cloud
The management model in the cloud can present some difficulties, such as identifying where the information is hosted, the protection measures applied in communication networks, or how these organizations manage the personally identifiable information of data subjects that is housed in their information systems. However, through a management system integrated with GlobalSUITE®, everything is carried out in an automated, centralized and traceable way.
Reference consulting
Thanks to the experience gained in our ISO 27001 and ISO 27002 consulting and auditing services across all types of organizations and sectors of activity, we will carry out a consultancy to ensure that your company takes into account the protection of private information in the cloud that is potentially affected by the processing of personal information.
Our Team
Our team has more than 15 years of experience and is made up of:
Lawyers and engineers
Lead Auditor and Lead Implementer for ISO 27001, ISO 20000 and ISO 22301
DPD Certification
CISA, CISM, CGEIT, CRISC
PMP, ITIL, CDPP, COBIT 5 Foundations
ISO/IEC 27018 provides a best practice base for the protection of personally identifiable information (PII) in the cloud for organizations that act as processors of this information, but
ISO/IEC 27018 aims, in broad terms, to identify precisely how the provider manages the personal data of data subjects, and establishes the necessary procedures for any request for, or access to, that data, thus offering customers full transparency in this regard.
Building on the security controls set out in Annex A of ISO 27001 and the ISO 27002 Code of Good Practice, the standard adds security requirements for Personally Identifiable Information (PII) to specific controls. In this sense, out of the 114 controls proposed by the information security standard, ISO 27018 establishes additional requirements on 15 controls, distributed among the following clauses:
- Domain 5: Information Security Policies
- Domain 6: Information Security Organization
- Domain 7: Human Resources Security
- Domain 9: Access Control
- Domain 10: Cryptography
- Domain 11: Physical and environmental security
- Domain 12: Operations security
- Domain 13: Communications security
- Domain 16: Incident Management
- Domain 18: Compliance
The standard also defines 8 specific privacy principles, or controls, applicable to the cloud data manager, together with how to implement them, which form a set of requirements for PII protection. The principles on which it is based are the following:
- Consent and choice
- Purpose legitimacy and specification
- Data minimisation
- Use, retention and disclosure limitation
- Openness, transparency and notice
- Accountability
- Information Security
- Privacy compliance
- It provides confidence in the protection of information to customers and stakeholders, protecting the image of the organization against unauthorized access or a data breach.
- It allows you to identify the risks to which the information (PII) is exposed and to establish controls to mitigate them.
- Differentiation from competitors in the same sector, by protecting information under an international standard.
- Protection against fines, by providing a management system that protects the information of data subjects.
"We adapt your organization to ISO 27018, not only for companies that are certified in ISO 27001, but also for those that decide to implement both standards together."