Standards Search

Certification Area

Sector

Certificate

ISO/IEC 27018

Protection of personally identifiable information (PII) in public clouds

Cloud Computing Services are a model for delivering technological resources that allows direct and remote access to informed resources - such as applications, databases, usability or storage space - over the internet.

Cloud computing is increasingly used by companies to migrate their data, information or infrastructure, thanks to its flexibility, high availability, accessibility, mobility and cost reduction.

To manage the security risks of personally identifiable information (PII), an internationally recognized code of practice was developed, focused on the protection of personal data in the cloud - ISO/IEC 27018. This is an extremely useful tool that contributes and provides confidence to the market regarding the capacity, suitability and commitment of cloud computing service providers to the applicable legislation.

ISO/IEC 27018 is based on the ISO/IEC 27002 information security standard, complements the set of controls in Annex A to ISO/IEC 27001, and includes controls for the protection of Personally Identifiable Information (PII), in accordance with the privacy principles of ISO/IEC 29100 for the public cloud computing environment.

The main benefits of the implementation and subsequent certification in accordance with this standard include:

Increased customer trust in the protection of data and personal information, by confirmation of compliance with ISO/IEC 27018 by an independent third party;

Competitive advantage, through the provision of services with protection of personal information at the highest level;

Reduction of information security risks applicable to PII in the public cloud;

Facilitated access to the global market, through compliance with common guidelines in different countries, which facilitate the conduct of business worldwide and access as a preferred supplier;

Compliance with legislation applicable to cloud service providers, reducing the risk of fines for personal data breaches.

Guides and Publications
APCER RGC Sistemas de Gestao EN

General Regulation for Management System Certification

Language: English

Download
Certification Area Information Security, Management System

Ask us for a proposal

More information:

Guides and Publications

The Certification Process

FAQ's

Client Support

Complaints and Appeals

back to top

Highlights & Trends

  • ISO 45001

    Safety
    Occupational Health and Safety Management System

  • ISO 14001

    Environment
    Environmental management system

  • ISO 9001

    Quality
    Quality Management System

  • ISO 50001

    Supply Chain Audits
    Energy Management System
See all standards

Our integrated services

Learn more about our certification, audit and training services.

link
Supply Chain Audits
APCER Avaliacao de fornecedores
link
Compliance
APCER compliance
link
ESG
Environment, Social, Governance
APCER ESG 2
link
Forestry Sector
APCER forest
link
Training
APCER formacao
link
Food Safety
APCER seg alimentar
link
Information Security
APCER segurança info
link
Management Systems, Products and Services
APCER serviços sistemas
apcer banner 15

How can we help your business?

Request more information or a service proposal

Newsletter APCER

Stay up-to-date with the latest news

Subscribe our Newsletter