Certification Cloud | ISO 27018

Cloud Service Providers that process personally identifiable information (PII) under contract to their customers must operate their services so as to enable both parties to meet the requirements of applicable regulations regarding the protection of PII.

The obligations of PII processors vary for each jurisdiction, making it challenging for companies providing cloud computing services to operate in multiple countries.

ISO/IEC 27018:2015 establishes commonly accepted control elements and guidelines for implementing measures to protect PII in accordance with the privacy principles contained in ISO/IEC 29100 for public cloud computing environments.

In particular, ISO /IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into account regulatory requirements for the protection of PII that may be applicable within the context of the information security risk environment of a public cloud service provider.

ISO/IEC 27018 is applicable to organizations of all types and sizes, including private or public companies, government entities and non-profit organizations, that provide information processing services such as PII processors via cloud computing under contract with other organizations.

With the certification by an independent third party body, the company provides credibility of its commitments to its customers and interested parties.

Related Services

Management System





Ask for a Quote 

Go to form



Service provided by InterCert GmbH.

Contact our offices in Bonn to request a quote.

t. +49 228 62 9750-0 - m. info@mtic-group.org