Business standards company BSI, has launched a training and certification scheme to ensure the protection of personal data safety in the cloud and combat privacy and security concerns.
ISO/IEC 27018 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors has been developed to provide cloud service providers and their customers the confidence that personal data processed in a cloud environment is safe from threats, shared only according to their wishes, and maintained as dictated by local legal requirements.
The ISO/IEC 27018 certification scheme is relevant for any organization regardless of type or size that provides public cloud computing services.
To demonstrate compliance with the standard, cloud service providers must adopt several practices to ensure personal data safety. These practices include making customers aware of where their data is stored, ensuring major system changes are reviewed by independent third-parties at regular intervals, and by documenting any data security infringements, including steps taken to resolve problems and the possible consequences of these. In addition, organizations must identify and adhere to any local legal requirements.
BSI Global Portfolio Manager Kaara Pallop commented that data is a valuable asset for any organization and stressed that any kind of breach can be costly to a business, not least to its reputation.
Pallop went on to say that the scheme provides customers and stakeholders greater assurance that personal data and information are protected, while helping to reduce risk and ensure compliance with regulatory obligations.
“By choosing an ISO/IEC 27018 certified provider, both organizations and customers can be confident that the supplier has taken the technical and legislative steps necessary to protect one of their most valuable assets,” Pallop said.
ISO/IEC 27018 incorporates ISO/IEC 27001 Information Security Management to ensure that organizations establish a robust management system to ensure personal data safety.