Standard

ISO/IEC 27018 – Protection of PII in Public Clouds

ISO/IEC 27018 is a code of practice focused on protecting personally identifiable information (PII) in public cloud environments where the cloud service provider acts as a PII processor.

Benefits of ISO/IEC 27018

  • Demonstrates strong privacy controls to customers and regulators.
  • Supports compliance with data protection laws, including GDPR.
  • Clarifies how PII is handled, processed and deleted in the cloud.
  • Enhances trust in multi-tenant and cross-border cloud environments.
  • Provides a recognised framework for privacy controls aligned with ISO/IEC 27001.

How we assess 27018

  • We review how PII flows through your services and cloud infrastructure.
  • We evaluate controls around consent, purpose limitation and data subject rights.
  • We examine technical and organisational measures, including encryption, logging and access control.