Certification against ISO 27108

Guest user. Created: Sep 17, 2016. Last commented: Sep 17, 2016

Can a PII processor, principal or controller be certified against ISO 27018?

Expert
Rhand Leal Sep 17, 2016

Answer:

ISO 27018 is not a certifiable standard. It is a code of practice that can be used to support certifiable management systems, like ISO 27001 for information security management systems. For more information, click [here](https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/).

In case someone decides to use ISO 27001 to implement PII controls in a certifiable manner, the principal, controller or processor can each be part of the certified scope, but with different purposes:
- For the PII principal, the certification purpose would be to ensure the PII principal can demand and verify actions from those who collect, store and process his/her PII.
- For the PII controller and PII processor, the certification purpose would be to ensure they properly protect the PII they collect, store and process from their users.
