
ISO 27018 Protecting Personally Identifiable Information in the cloud

Keeping information safe in the cloud.

As organizations increasingly rely on collecting personal information via websites and applications, personally identifiable information (PII) is becoming more attractive to hackers because it is easy to steal. ISO 27018 helps cloud service providers acting as PII processors to implement processes that protect personal information in the cloud.



The greatest threat to cloud service providers is the failure to implement effective controls to protect the PII they process and/or store. Implementing ISO 27018 enables cloud service providers to apply additional information security controls that increase the level of protection for personal data stored and processed in the cloud.

What is ISO 27018?

ISO 27018 is part of the ISO 27000 family of standards and is the code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors.

ISO 27018 certification from LRQA helps cloud service providers acting as PII processors to implement the existing controls in ISO 27002 alongside specific, as well as completely new, controls for protecting PII.

Benefits of ISO 27018

Customer confidence

ISO 27018 from LRQA promotes a relationship of trust and provides credibility to reassure your customers and stakeholders that the personal information you process in the cloud is protected.

New business relationships

With our globally recognized brand, gaining certification to ISO 27018 with LRQA differentiates you from other cloud service providers and demonstrates your commitment to protecting PII. These two things can make it easier for you to acquire new business, become a preferred supplier and a global provider of cloud services.

Risk mitigation and reputation

By identifying risks, ISO 27018 helps you to identify and implement controls to mitigate the risk of a data breach, protecting your brand reputation and making sure you comply with local regulations.

Need help with ISO 27018?

LRQA provides assessment, training and certification services for the ISO 27001 suite of services, which now includes ISO 27018. With our specialism in management system compliance, we can assess your organization against the best practice framework in ISO 27018 and, if the assessment is successful, we will issue you with a Statement of Verification.

A Statement of Verification is a public statement of your organization’s ability to protect the PII stored and/or processed in the cloud.

Why work with us?

Accreditation from UKAS

When selecting your certification body, you want to make sure you choose an organization that you can trust, that has the capabilities to assess your organization and that understands your industry sector.

LRQA was the first organization to be accredited by the United Kingdom Accreditation Service (UKAS) and holds the scope to assess any organization in any industry sector. This means you can be confident that we have the technical capabilities, industry knowledge and expertise to assess your organization.

Technical expertise

If you choose LRQA as your certification body, we make sure that your assessor is matched to your industry and business needs, ensuring you have a robust audit that improves your management system and business at the same time.

The value we provide to your organization lies in making relevant recommendations that can help you to make sure your PII is protected.
