ISO 27018

Protection of Personally Identifiable Information (PII) in Public Clouds

As organisations grow more dependent on storing data in the cloud, understanding online solutions and cloud suppliers has never been more significant. While the cloud offers numerous benefits, its use also introduces risks that could impact the confidentiality, integrity and availability of information, especially any PII.

The ISO 27018 standard is used along with ISO 27001 to allow Cloud Service Providers to demonstrate to their clientele that their data is protected and is used only for the purposes it was authorised for.

Key features of this service

  • Alignment with the requirements of Cloud Security Principles
  • Alignment to international standards including ISO 27001, 27017 and 27018
  • Alignment to Government and NCSC policies and standards
  • Independent assessment of cloud services and validation of assertions
  • Assurance of cloud service components, e.g. products, services, people
  • Advice tailored to business risk appetite and security requirements
  • Comprehensive assessment of risks and opportunities
  • Identification of suitable and compliant cloud hosting services
  • Conducted by independent, knowledgeable and experienced cloud security specialists


  • Assurance to stakeholders that robust cloud security controls are embedded within the Management System
  • Provides baseline requirements and guidelines to ensure data security is enabled in the cloud
  • Compliance with regulations associated with personal data and cloud security
  • Reduce the likelihood of security incidents in relation to personal data
  • Identify and address risks which impact cloud-based systems
  • Achieve certification to an international standard and easily integrate into other ISO standards
  • Reduce the risk of fines imposed due to a data breach
  • Build upon existing security controls and best practices


For more information please contact us.
