ISO 27018 Protecting Personally Identifiable Information in the cloud

The greatest threat to cloud service providers is the failure to implement effective controls to protect the PII they process and/or store. By implementing ISO 27018, it enables cloud service providers to implement additional information security controls that increase the level of protection for personal data stored and processed in the cloud.

ISO 27018 is part of the ISO 27000 family of standards and is the code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors.

ISO 27018 certification from LRQA helps cloud service providers acting as PII processors to implement the existing controls in ISO 27002 with specific as well as completely new controls specifically for protecting PII.

Customer confidence

ISO 27018 from LRQA promotes a relationship of trust and provides credibility to reassure your customers and stakeholders that the personal information you process in the cloud is protected.

New business relationships

With our globally recognised brand, gaining certification to ISO 27018 with LRQA differentiates you from other cloud service providers and demonstrates your commitment for protecting PII. These two things can make it easier for you to acquire new business, become a preferred supplier and a global provider of cloud services.

Risk mitigation and reputation

By identifying risks, ISO 27018 helps you to identify and implement controls to mitigate the risk of a data breach, protecting your brand reputation and making sure you comply with local regulations.

LRQA provides assessment, training and certification services for the ISO 27001 suite of services, which now includes ISO 27018. With our specialism in management system compliance, we can assess your organisations against the best practice framework in ISO 27018 and if successful, we will issue you with a Statement of Verification.

A statement of verification is a public statement of your organisation’s ability to protect the PII stored and/or processed in the cloud.

Accreditation from UKAS

When selecting your certification body, you want to make sure you choose an organisation you can trust, has the capabilities to assess your organisation and who understands your industry sector.

LRQA was the first organisation to be accredited by the United Kingdom Accreditation Service (UKAS) and holds the scope to assess any organisation in any industry sector. This means you can be confident that we have the technical capabilities, industry knowledge and expertise to assess your organisation.

Technical expertise

If you choose LRQA as your certification body, we make sure that your assessor is matched to your industry and business needs, ensuring you have a robust audit that improves your management system and business at the same time.

The value we provide you to your organisation is to make relevant recommendations that can help you to make sure your PII is protected.