[ Introduction ISO/IEC 27018 ]

As much of our lives became richer online, various parts of our lives began to be shared online. As numerous people are involved online, personal identification has become essential to identify individuals online.

In addition, in cloud computing, where various sharing takes place, the need for such personal identification information and its security have become very important.

ISO/IEC 27018 is an international standard for protecting personal information for cloud services, especially for the protection of personal identification information.

ISO/IEC 27018 is based on ISO/IEC 27001 to establish an information protection management system and applies guidelines based on ISO/IEC 27002 in consideration of regulations for privacy protection within the information security environment of service providers.

In other words, we provide execution guidelines for the biggest purpose of protecting personal information in a cloud environment.

[ Necessity of ISO/IEC 27018 ]

• •  Prevention of abuse and leakage of personally identifiable information
• •  A more secure cloud service can be provided
• •  Provide a reliable cloud

[ ISO/IEC 27018 Requirements ]

• Scope
• Normative references
• Terms and definitions
• Overview
• Information security policies
• Organization of information security
• Human resource security
• Asset management
• Access control
• Cryptography
• Physical and environmental security
• Operations security
• Communications security
• System acquisition, development and maintenance
• Supplier relationships
• Information security incident management
• Information security aspects of business continuity management
• Compliance
• Annex A (normative) – Public cloud PII processor extended control set for PII protection

If you have any questions, please contact us at the following email address.

E-mail: info@igcert.org