ISO/IEC 27018 Public Cloud Personal Information Security Management System

Provide compliance basis for personally identifiable information control and reduce security risks


The risk of personal data breaches has become a top international issue, and a series of major information security incidents has drawn attention to how personal details are protected. Today, more and more personal and consumer-level applications are cloud-based. The cloud offers organizations and consumers a number of benefits, including cost savings and more flexible mobile access to information. It also raises concerns about data protection and privacy, particularly for Personally Identifiable Information (PII), defined as any information that can be used to identify the PII subject to which it relates, or that can be directly or indirectly associated with that PII subject.


If a cloud service provider (CSP) can give its users peace of mind and confidence that its cloud services are reliable, comply with applicable regulatory and contractual requirements, and apply industry best practices, then that provider becomes the natural choice for users. ISO/IEC 27018 came into being to meet this demand.


ISO/IEC 27018 is a code of practice for the protection of personally identifiable information in public cloud services. It allows CSPs whose infrastructure has been certified to the standard to inform existing and potential customers that their data is protected and will not be used for any purpose other than those the customers have expressly agreed to. ISO/IEC 27018 provides generally accepted control objectives, controls and implementation guidance for protecting PII, aligned with the privacy principles of ISO/IEC 29100 and with personal data privacy regulations around the world. It ensures that cloud service providers have appropriate procedures for handling PII, and it also helps build stronger cloud service agreements that deliver real value and transparency to cloud service customers.


Service Content

ISO/IEC 27018 adds controls over PII in two ways:


1. It provides guidance on how to implement specific ISO/IEC 27001 controls in the context of PII protection;


2. It provides controls for PII in cloud environments that are not covered by the existing ISO/IEC 27001.


In addition, ISO/IEC 27018 establishes clear and transparent parameters for the return, transfer and secure disposal of personal information. It requires CSPs to disclose the identity of any sub-processors they engage in data processing before a customer enters into a contract; if a CSP changes a sub-processor, it must notify customers in a timely manner so that they have the opportunity to object and terminate their agreement.


ISO/IEC 27018 applies to any organization, large or small, and it is critical for an organization to demonstrate compliance and show how it protects data, especially data that is not stored in a single location.

Related Standards

○ ISO/IEC 27001:2013 Information Technology - Security Techniques - Information Security Management Systems - Requirements


○ ISO/IEC 29100:2018 Information Technology - Security Techniques - Privacy Framework


○ ISO/IEC 27002:2022 Information Security, Cybersecurity and Privacy Protection - Information Security Controls


○ GB/T 35273-2020 Information Security Technology - Personal Information Security Specification

Value gain

Improve customer confidence and trust


A cloud service provider that complies with this standard demonstrates a solid understanding of how to handle PII securely and a commitment to protecting customer data, which helps increase customer trust in the business.


Reduce customer audits


Many customers verify their suppliers' stewardship of data through frequent audits. ISO/IEC 27018 is an international standard and provides independent, third-party evidence that an organization's cloud operations are not only controlled, but controlled in accordance with international best-practice benchmarks.

Service Process

Q&A
Q: How long does the management system need to have been running before applying for certification?
A: Before applying for certification, the system must have been running for at least 3 months.

Q: After obtaining the certificate, how can its authenticity and validity be checked?
A: The authenticity and validity of the certificate can be checked by logging into the NOA website (www.noagroup.com) and selecting "certificate / report query" in the "resource center", or by querying the national certification and accreditation information public service platform (http://cx.cnca.cn).

Q: How long is the certificate valid after it is obtained? Is an audit required every year?
A: The certificate is valid for 3 years, and at least one on-site surveillance audit is required every year to keep it valid.

Q: What happens when the certificate expires?
A: Before the certificate expires, a customer service specialist will contact you to assist with your re-certification application.
Our Advantage
Authoritative qualification
NOA has been approved by the Certification and Accreditation Administration of the People's Republic of China (CNCA) (CNCA-R-2002-051), has obtained China Inspection Body and Laboratory Mandatory Approval (CMA), and has passed multiple approvals by the China National Accreditation Service for Conformity Assessment (CNAS), the International Accreditation Service (IAS), the United Kingdom Accreditation Service (UKAS) and the Joint Accreditation System of Australia and New Zealand (JAS-ANZ). NOA has been approved by the State Administration for Market Regulation of China and recognized as an inspection and testing institution for China's special equipment, and holds the qualification for China's national equipment supervision and engineering supervision. NOA-DCI is a notified body under the CE directives of the European Commission. NOA has been recognized by the International Electrotechnical Commission (IECQ) through the Electronic Component Quality Assessment System. It is also a national inspection and assessment notified body for import and export commodities in China. NOA is a high-tech enterprise in Shanghai.
Improve Performance, Realize Asset Value Appreciation, and Service Throughout the Entire Value Chain
From pre-design to post-operation, NOA can support the whole life cycle of a business. As an independent third-party inspection company, NOA has a team of experienced professional engineers and inspection experts who are proficient in a large number of domestic and international standards and specifications in design, welding, non-destructive testing, painting, packaging and other fields. With more than ten years of experience in the domestic market, the team is familiar with all aspects of the domestic industrial equipment supply chain and can provide timely technical support services across the full product life cycle. Inspection, certification, testing, consulting and auditing services are combined into a one-stop, all-round comprehensive service.
Quality, Efficiency and Service
NOA has built a mature and solid operating system over more than 20 years of development. We assign technical experts who are familiar with market regulations and testing standards and have professional industry experience to carry out inspection, evaluation and design review work. While meeting the requirements of domestic and international standards, we use accurate, time-sensitive management methods to ensure that customers obtain satisfactory service results promptly and can seize opportunities in market competition.
Service Area
NOA inspection services currently cover Europe, Australia, Russia, parts of the Middle East and most regions of China. NOA ensures consistency and continuity of customer service across regions, eliminating the impact that unfamiliar environments can have on quality assurance and project implementation, so that customers can enter different markets across the country or around the world with flawless quality.

Tel:+86-400 821 5138

Fax:+86-21 3327 5843

Email:noa@noagroup.com

© Copyright NOA Group 版权所有 沪ICP备14042172号