It is a code of practice that focuses on personal identifiable information (pii) in the cloud. With reference to implementation guidelines, iso/iec 27002 controls are applicable to public cloud personal identifiable information (pii).
What are the benefits of iso 27018 certification?
comply with a number of legal & regulatory acts on pii in various regions (gdpr, hipaa, popi, etc.)
comply with applicable obligations for protecting pii processing
transparency to your customers on their pii
enter into a contractual agreement for better decision making & understanding
demonstrate effective implementation of pii protection
data management on cloud (data minimization, data transfer, back up, capacity management, etc.)
what are the requirements of iso 27018:2019?
legal, statutory, regulatory and contractual requirements
identifying risks associated with processing pii in the organization & its interested parties (stakeholders, service providers, patrons, etc.)
corporate policy – most of the policies are covered under legal & socio-cultural obligations, an organization may create other internal policies beyond the criteria derived from standard requirements
consents, transparency, communication security, physical & environmental security & operational security
defined vendor management, incident management & business continuity management
defining of soa
who can get iso 27018 certification?
all types of organization providing information processing services as pii processors & controllers through cloud computing under a contractual agreement to other organizations.
basically, all cloud service provider can have the above standard (aws, google cloud, azure, etc.)

It is a code of practice that focuses on personal identifiable information (pii) in the cloud. With reference to implementation guidelines, iso/iec 27002 controls are applicable to public cloud personal identifiable information (pii).
What are the benefits of iso 27018 certification?
comply with a number of legal & regulatory acts on pii in various regions (gdpr, hipaa, popi, etc.)
comply with applicable obligations for protecting pii processing
transparency to your customers on their pii
enter into a contractual agreement for better decision making & understanding
demonstrate effective implementation of pii protection
data management on cloud (data minimization, data transfer, back up, capacity management, etc.)
what are the requirements of iso 27018:2019?
legal, statutory, regulatory and contractual requirements
identifying risks associated with processing pii in the organization & its interested parties (stakeholders, service providers, patrons, etc.)
corporate policy – most of the policies are covered under legal & socio-cultural obligations, an organization may create other internal policies beyond the criteria derived from standard requirements
consents, transparency, communication security, physical & environmental security & operational security
defined vendor management, incident management & business continuity management
defining of soa
who can get iso 27018 certification?
all types of organization providing information processing services as pii processors & controllers through cloud computing under a contractual agreement to other organizations.
basically, all cloud service provider can have the above standard (aws, google cloud, azure, etc.)