
ISO/IEC 27017:2021 and ISO/IEC 27018:2020 Certification

INFORMATION SECURITY TECHNIQUES - SECURITY OF PERSONAL DATA IN CLOUD SERVICES

What are the ISO/IEC 27017:2021 and ISO/IEC 27018:2020 standards?

ISO/IEC 27017 and ISO/IEC 27018 provide guidelines with control objectives, rules, and procedures for implementing adequate protection measures for cloud service providers and for incident management. These standards must be integrated within an ISO 27001 certification to be considered valid.

ISO/IEC 27017:2021

The standard provides guidelines for Information Security controls specifically applicable to cloud services. Its main objective is to improve Information Security for both cloud service providers and their customers.

ISO/IEC 27018:2020

This international standard provides guidelines for protecting personally identifiable information (PII) in public cloud services. It is designed to address privacy and data protection challenges in the cloud, helping cloud service providers comply with privacy laws.

In order to obtain ISO/IEC 27017:2021 and ISO/IEC 27018:2020 certification, it is necessary to implement an effective Information Security Management System compliant with the standards' requirements. Bureau Veritas is a third-party certification body that can assist you in the certification process: we provide self-assessment, analysis, and certification services for your Information Security Management System.

What are the main benefits of ISO/IEC 27017:2021 and ISO/IEC 27018:2020 certifications?

These two guidelines serve to ensure Information Security and personal data protection in cloud environments. They are particularly relevant for companies handling sensitive or personal data, regardless of the sector in which they operate. Although they are voluntary standards, they can help companies comply with laws such as GDPR. In particular:

  • ISO/IEC 27017:2021 ensures greater cloud security by identifying and mitigating risks specifically related to this field.
  • ISO/IEC 27018:2020 ensures that the organization handles personal data in compliance with privacy and data protection principles within a cloud computing environment.