DIN Standards Committee Information Technology and IT Applications
DIN ISO/IEC 27018
Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018:2014)
Informationstechnik - Sicherheitsverfahren - Leitfaden zum Schutz personenbezogener Daten (PII) in öffentlichen Cloud-Diensten als Auftragsdatenverarbeitung (ISO/IEC 27018:2014)
Overview
This standard establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. This standard is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. DIN ISO/IEC 27018 is aligned with the implementation recommendations from DIN ISO/IEC 27002 and therefore fits seamlessly into an IT security management system in accordance with DIN ISO/IEC 27001.
Responsible national committee
NA 043-04-27-05 AK - Identity management and privacy technologies
Responsible international committee
ISO/IEC JTC 1/SC 27/WG 5 - Identity management and privacy technologies