Expert Advice Community

Certification against ISO 27018

Guest user | Created: Sep 17, 2016 | Last commented: Sep 17, 2016

Can a PII processor, principal or controller be certified against ISO 27018?
Expert
Rhand Leal Sep 17, 2016

Answer:

ISO 27018 is not a certifiable standard. It is a code of practice that can be used to support certifiable management systems, like ISO 27001 for information security management systems. For more information, click [here](https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/).

In case someone decides to use ISO 27001 to implement PII controls in a certifiable manner, any of the principal, controller or processor can be part of the certified scope, but with different purposes:
- For the PII principal, the certification purpose would be to ensure the PII principal can demand and verify actions from those who collect, store and process his/her PII.
- For the PII controller and PII processor, the certification purpose would be to ensure they properly protect the PII they collect, store and process from their users.
