Expert Advice Community

ISO 27001 and ISO 27018

Guest user Created: Jan 13, 2016 Last commented: Jan 13, 2016

I need more information:

1. Whether an organization that will be certified to ISO 27018 should first pursue ISO 27001 certification
2. The differences between ISO 27001 and ISO 27018
3. If the stand-alone ISO 27018 clause or control the use of what each step as well as what

AntonioS Jan 13, 2016
1. You cannot certify ISO 27018, because this standard is only a code of best practices (like ISO 27002), but you can use its controls for the implementation and certification of ISO 27001. In this way, first you need to implement ISO 27001, and during the risk treatment you can implement controls from ISO 27018. This article about ISO 27001 and ISO 27018 can be interesting for you, "ISO 27001 vs. ISO 27018 - Standard for protecting privacy in the cloud": https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
2. ISO 27001 is basically about risk management related to information security: you need to protect the information by identifying risks and reducing them by applying security controls (you can use a code of best practices for this, typically ISO 27002, which is composed of 114 security controls, but you can also use ISO 27018). ISO 27018 is a code of best practices focused on the protection of personally identifiable information in public clouds, so you can use it to implement controls for the reduction of risks related to the cloud environment.
This article with basic information about ISO 27001 can be interesting for you, "What is ISO 27001?": https://advisera.com/27001academy/what-is-iso-27001/
And also this article about the differences between ISO 27001 and ISO 27002, "ISO 27001 vs. ISO 27002": https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
3. I am sorry, but I am not sure what you mean. As I have explained before, ISO 27018 is only a code of best practices and you cannot certify it, but you can implement it, and you can have controls focused on the protection of personally identifiable information in public clouds, although in this way you cannot get certified and won't know how to manage risks related to information security.
Finally, this article about cloud computing can be interesting for you, "Cloud computing and ISO 27001 / BS 25999": https://advisera.com/27001academy/blog/2011/05/30/cloud-computing-and-iso-27001-bs-25999/