Expert Advice Community

ISO 27018

Guest user Created:   Mar 20, 2019 Last commented:   Mar 20, 2019

We have a potential client interested in hiring us to deploy and manage an application stack within AWS. One request they have is for us to achieve a certification in either 27018, SOC2, or PCI DSS. I am looking for more information about the former.

Expert
Rhand Leal Mar 20, 2019

Answer:

ISO 27018 is not a certifiable standard. It can be used to support implementation of controls of ISO 27001 Annex A (this one is a certifiable standard), providing additional guidance to implement security practices to protect privacy in the cloud.

Some certification bodies are issuing unofficial ISO 27018 certificates but only for those organizations already ISO 27001 certified.

This article will provide you with further explanation about ISO 27018:
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
