Immediate download. Released: 2020-06-10
BS EN ISO/IEC 27018:2020 Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

Format | Availability | Price and currency
English Secure PDF | Immediate download | 296.70 EUR
English Hardcopy | In stock | 296.70 EUR
Standard number: BS EN ISO/IEC 27018:2020
Pages: 36
Released: 2020-06-10
ISBN: 978 0 539 06992 1
Status: Standard

BS EN ISO/IEC 27018:2020 - Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds

Overview

In today's digital age, the protection of personally identifiable information (PII) is more critical than ever. As businesses and organizations increasingly rely on cloud services, ensuring the security and privacy of PII in public clouds becomes paramount. The BS EN ISO/IEC 27018:2020 standard provides a comprehensive code of practice specifically designed to address these concerns.

What is BS EN ISO/IEC 27018:2020?

The BS EN ISO/IEC 27018:2020 is an internationally recognized standard that outlines security techniques and practices for protecting PII in public cloud environments where the cloud service provider acts as a PII processor. This standard is part of the broader ISO/IEC 27000 family of standards, which focus on information security management systems.

Key Features and Benefits

  • Comprehensive Guidance: The standard provides detailed guidelines for implementing measures to protect PII in public clouds, ensuring compliance with applicable data protection regulations.
  • Risk Management: It emphasizes the importance of risk assessment and management, helping organizations identify and mitigate potential threats to PII.
  • Transparency and Accountability: By adhering to this standard, cloud service providers can demonstrate their commitment to transparency and accountability in handling PII.
  • Enhanced Trust: Organizations that implement the practices outlined in this standard can build greater trust with their customers and stakeholders by showing their dedication to safeguarding sensitive information.
  • International Recognition: As an ISO/IEC standard, it is recognized globally, making it easier for organizations to align their practices with international best practices.

Who Should Use This Standard?

This standard is essential for any organization that utilizes public cloud services to process PII. It is particularly relevant for:

  • Cloud Service Providers: Companies offering cloud-based solutions can use this standard to enhance their security measures and reassure clients of their data protection capabilities.
  • Data Controllers: Organizations that are responsible for determining the purposes and means of processing PII can benefit from understanding how their cloud service providers should handle data.
  • Compliance Officers: Professionals tasked with ensuring that their organization complies with data protection laws will find this standard invaluable in guiding their compliance strategies.

Implementation and Compliance

Implementing the BS EN ISO/IEC 27018:2020 standard involves several key steps:

  1. Assessment: Conduct a thorough assessment of current data protection practices and identify areas for improvement.
  2. Policy Development: Develop and implement policies and procedures that align with the standard's guidelines.
  3. Training: Ensure that all relevant personnel are trained on the new policies and understand their roles in protecting PII.
  4. Monitoring and Review: Regularly monitor compliance with the standard and review practices to ensure ongoing effectiveness.

Conclusion

The BS EN ISO/IEC 27018:2020 standard is an essential tool for any organization looking to enhance its data protection practices in the cloud. By providing a clear framework for protecting PII, it helps organizations navigate the complex landscape of data privacy and security. Whether you are a cloud service provider or a data controller, adopting this standard can significantly bolster your data protection efforts and build trust with your clients and stakeholders.

Invest in the security of your data today by aligning with the BS EN ISO/IEC 27018:2020 standard, and ensure that your organization is at the forefront of data protection in the digital age.

DESCRIPTION

This standard, BS EN ISO/IEC 27018:2020 Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, is classified in these ICS categories:
  • 35.030 IT Security
  • 35.040.50 Automatic identification and data capture techniques

This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.

The guidelines in this document can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations.