ISO/IEC 27018:2019: Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Acronyms, Abbreviations, and Initialisms
| Short Form | Full Form |
|---|---|
| IEC | International Electrotechnical Commission |
| ISO | International Organization for Standardization |
| PII | Personally Identifiable Information |
ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
Annex A provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002 control set.
- A.1 General
- A.2 Consent and choice
- A.3 Purpose legitimacy and specification
- A.4 Collection limitation
- A.5 Data minimization
- A.6 Use, retention and disclosure limitation
- A.7 Accuracy and quality
- A.8 Openness, transparency and notice
- A.9 Individual participation and access
- A.10 Accountability
- A.11 Information security
- A.12 Privacy compliance
- ISO/IEC 27018 aims to address the privacy aspects of cloud computing.
- ISO/IEC 27018 is focused on PII.
- ISO/IEC 27018 is the first international set of privacy controls in the cloud.