Compliance Standards Library

ISO 27018


ISO 27018 establishes controls to protect Personally Identifiable Information (PII) in public cloud computing environments. A public cloud service provider is a PII processor when it processes PII for, and according to the instructions of, a cloud service customer.

Who should be ISO 27018 compliant?

  • Any organization that processes PII in a commercial cloud and wants to implement industry-standard controls

Why should my company be ISO 27018 compliant?

  • ISO 27018 compliance will help your company show that you are certifying your controls against the ISO standard for cloud privacy management and making active efforts to protect the personally identifiable information of your customers

What is the timeline for ISO 27018 compliance?

  • Approximately 40 hours. Most companies will combine ISO 27018 certification with their ISO 27001 audit.

What can Vanta automate?

  • Vanta will provide automated tests and evidence for ISO 27018 compliance.

Does ISO 27018 require a formal audit?

  • While ISO 27018 is not a formally certifiable standard on its own, it can be audited and certified as part of your regular ISO 27001 audit. Keep in mind that to achieve ISO 27701 compliance, a company must also be ISO 27001 certified.