Information security standard
ISO 27001
ISO 27018 Security standard for cloud services
The ISO 27018 standard includes implementation rules for the protection of personally identifiable information (PII) in public clouds that process it.
The standard is based on ISO 27001 and ISO 27002 standards for information security and focuses on regulations, obligations and rules for securing PII against information security risks of public cloud service providers.
The standard defines the responsibilities of end customers and service providers in cloud services, which makes it possible to make these services more secure.
The standard includes 18 sections and an appendix.
The controls included in this standard are based on controls in the ISO 27001 standard to which cloud service provider controls are added.
The standard complies with the privacy principles found in the ISO 29100 standard.
ISO 27018 complements other ISO security standards in the context of cloud privacy. A cloud service provider can be certified to the standard.
How It Works?
The steps of the process
1. Information gathering
Meetings with people and familiarization with processes and technologies: the organizational structure, the company's business processes, work procedures and the information systems used in the company.
2. Information analysis
Analysis of the existing situation in the company against the requirements of the standard for each of the sections. Presentation of gaps in a summary report with recommendations and prioritization for treatment.
3. Correction and update
Treatment of gaps by a professional team with specializations in the relevant fields, such as content experts to write information security procedures and professional testers to perform penetration tests.
4. External audit
An external audit is performed by one of the authorized institutes. The auditor reviews the SOA (Statement of Applicability) and supporting references and, at the end, issues a certificate of compliance with the standard.