ISO/IEC 27018

E100887

ISO/IEC 27018 is an international standard that provides guidelines and controls for protecting personally identifiable information (PII) in public cloud computing environments.

All labels observed (2)

Label Occurrences
ISO/IEC 27018 canonical 5
ISO 27018 1

How this entity was disambiguated

Statements (46)

Predicate Object
instanceOf IEC standard
ISO standard
information security standard
privacy standard
addresses cross-border transfer of PII in cloud computing
data breach notification in cloud services
data deletion and return in cloud services
data subject rights in cloud environments
information security incident management for PII
obligations of public cloud PII processors
subcontractor and subprocessor management
transparency of cloud processing operations
use of PII for marketing and advertising by cloud providers
appliesTo cloud service providers acting as PII processors
public cloud computing services
basedOn ISO/IEC 27002
canBeCertifiedAgainst yes
compatibleWith ISO 27001
surface form: ISO/IEC 27001
defines controls for protection of PII in public cloud computing
domain cloud computing
extends ISO/IEC 27002 controls with PII-specific guidance
focusesOn protection of personally identifiable information in public clouds
hasAbbreviation ISO/IEC 27018 self-linksurface differs
surface form: ISO 27018
intendedFor cloud service providers
organizations using public cloud services
language English (official version)
partOfSeries ISO/IEC 27000 family
protects personally identifiable information in cloud environments
provides guidelines for implementing PII protection controls
publishedBy International Electrotechnical Commission
International Organization for Standardization
requires agreements governing PII processing between cloud provider and customer
clear information to customers about where PII is processed
controls to restrict processing of PII to customer instructions
logging and monitoring of PII processing activities
measures to ensure data subject access, correction and deletion
notification to customers in case of PII breaches
procedures for secure deletion of PII
security controls for PII during transmission and storage
subjectArea data protection
information security
privacy
supports compliance with applicable privacy legislation
typeOfControlSet code of practice
usedFor demonstrating cloud provider privacy commitments
third-party assessment of cloud privacy controls

How these facts were elicited

Referenced by (6)

Full triples — surface form annotated when it differs from this entity's canonical label.

ISO 27001 relatedStandard ISO/IEC 27018
ISO/IEC (for parts of the framework) standardSeries ISO/IEC 27018
subject surface form: ISO/IEC
ISO/IEC 27017 relatedTo ISO/IEC 27018
ISO/IEC 27018 hasAbbreviation ISO/IEC 27018 self-linksurface differs
this entity surface form: ISO 27018
ISO/IEC 27000 family includesStandard ISO/IEC 27018
ISO/IEC developsStandard ISO/IEC 27018