The greatest threat to cloud service providers is the failure to implement effective controls to protect the PII they process and/or store. By implementing ISO 27018, it enables cloud service providers to implement additional information security controls that increase the level of protection for personal data stored and processed in the cloud.
What is ISO 27018?
ISO 27018 is part of the ISO 27000 family of standards and is the code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors.
ISO 27018 certification from Lloyd’s Register (LR) helps cloud service providers acting as PII processors to implement the existing controls in ISO 27002 with specific as well as completely new controls specifically for protecting PII.
Benefits of ISO 27018
ISO 27018 from LR promotes a relationship of trust and provides credibility to reassure your customers and stakeholders that the personal information you process in the cloud is protected.
New business relationships
With our globally recognised brand, gaining certification to ISO 27018 with LR differentiates you from other cloud service providers and demonstrates your commitment for protecting PII. These two things can make it easier for you to acquire new business, become a preferred supplier and a global provider of cloud services.
Risk mitigation and reputation
By identifying risks, ISO 27018 helps you to identify and implement controls to mitigate the risk of a data breach, protecting your brand reputation and making sure you comply with local regulations.
Need help with ISO 27018?
LR provides assessment, training and certification services for the ISO 27001 suite of services, which now includes ISO 27018. With our specialism in management system compliance, we can assess your organisations against the best practice framework in ISO 27018 and if successful, we will issue you with a Statement of Verification.
A statement of verification is a public statement of your organisation’s ability to protect the PII stored and/or processed in the cloud.
Why work with us?
Accreditation from UKAS
When selecting your certification body, you want to make sure you choose an organisation you can trust, has the capabilities to assess your organisation and who understands your industry sector.
Lloyd's Register was the first organisation to be accredited by the United Kingdom Accreditation Service (UKAS) and holds the scope to assess any organisation in any industry sector. This means you can be confident that we have the technical capabilities, industry knowledge and expertise to assess your organisation.
If you choose Lloyd's Register as your certification body, we make sure that your assessor is matched to your industry and business needs, ensuring you have a robust audit that improves your management system and business at the same time.
The value we provide you to your organisation is to make relevant recommendations that can help you to make sure your PII is protected.
Helping us to help others
The profits we generate fund the Lloyd’s Register Foundation, a charity that supports engineering-related research, education and public engagement. This enables us to stand by our vision that drives us every single day: working together for a safer world.