Data breaches are a constant source of concern for many organizations, and a new online consumer information standard aims to make consumer information more secure.
ISO/IEC 27018, Code of practice for protection of personally identifiable information (PII) in public clouds, was developed to provide cloud service providers and their customers with the confidence that any personal data processed in a cloud environment is safe from threats, shared only according to their wishes, and maintained as dictated by local legal requirements. The certification scheme is relevant for any type or size of organization that provides public cloud computing services.
To demonstrate compliance with the standard, cloud service providers must adopt several practices. These include making customers aware of where their data is stored, ensuring any major system changes are reviewed by independent third parties at regular intervals, and documenting any infringements on data security, including steps taken to resolve problems and the possible consequences. In addition, they must identify and adhere to any local legal.
Incorporates Existing Information Security Standard
ISO/IEC 27018 incorporates ISO/IEC 27001, Information security management, to ensure that organizations establish a robust management system to protect public cloud data.
“Data is a valuable asset for any organization and any kind of breach can be costly to a business, not least to its reputation,” says Kaara Pallop, global portfolio manager at BSI, which recently launched a new certification scheme for the standard. “This scheme provides greater assurance to customers and stakeholders that personal data and information are protected and helps to reduce risk and ensures compliance with regulatory obligations. By choosing an ISO/IEC 27018-certified provider, both organizations and customers can be confident that the supplier has taken the technical and legislative steps necessary to protect one of their most valuable assets.”
For more information on the new online consumer information standard, go to www.bsigroup.com/en-US/.