Skip to main content
Back

ISO/IEC 27018:2014

Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

General information

Withdrawn from 15.01.2019
Directives or regulations
None

Standard history

Status
Date
Type
Name
15.01.2019
Main
29.07.2014
Main
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations.

Required fields are indicated with *

*
*
*
PDF
82.61 € incl tax
Paper
82.61 € incl tax
Standard monitoring

Customers who bought this item also bought

Main

ISO/IEC 27017:2015

Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Newest version Valid from 30.11.2015
Main

ISO/IEC TR 27008:2011

Information technology -- Security techniques -- Guidelines for auditors on information security controls
Withdrawn from 14.01.2019
Main

ISO/IEC 27002:2013

Information technology -- Security techniques -- Code of practice for information security controls
Withdrawn from 15.02.2022
Main

ISO/IEC 27001:2013

Information technology -- Security techniques -- Information security management systems -- Requirements
Withdrawn from 25.10.2022