Publication CODE |
Title |
ISO/IEC 27018:2014 (2014-07) |
INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII) in PUBLIC CLOUDS ACTING AS PII PROCESSORS |
|
Price Excl. VAT |
Total number of pages, tables and drawings |
137.00 €
|
23. |
Description
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations.
|
Class |
C990
(IEC PUBLICATIONS IEC PUBLICATIONS)
|
Committee |
ISO/IEC JTC 1/SC 27
IT SECURITY TECHNIQUES
|
BEC Approval |
2012-10-15 |
Registration |
147122 |
ICS-Code (International Standards Classification) |
35.030
|
NBN Status |
New |
|
IEC publication date |
2014-07-29 |
|