
Protecting PII with ISO/IEC 27018

Organizations that control, store or transmit personally identifiable information (PII) are increasingly exposed to active hackers, phishing scams and other threats that arise from poor information security. In addition, with the advent of the cloud, more and more organizations depend on cloud computing to increase their storage capability and maximize the organization's IT flexibility, all at a reduced price.

Responsibility for protecting PII lies not only with the party that stores the information, i.e. the cloud provider, but also with the organization that receives or transmits it. Regulations regarding privacy and data protection are fast becoming mandates, in Europe and beyond, and international organizations will face difficulties complying with these tighter restrictions.

ISO/IEC 27018:2014 is the internationally recognized standard that outlines the code of practice for protecting PII for cloud service providers. It provides a catalog of controls that address information privacy risks, including those specific to the role of a cloud data processor.

How responsible is an organization for the information it touches? What is included in the definition of PII? If a cloud service provider is used, what controls need to be in place to protect PII? Join us as we discuss ISO/IEC 27001 and the controls in ISO/IEC 27018 that cover the requirements for cloud service providers.

Objectives:

  • Learn who is responsible for protecting PII
  • Understand the benefits of ISO/IEC 27018
    • For cloud service providers
    • For organizations looking for a cloud service provider
  • Explore current and pending regulations regarding protecting PII

Presenter:

Rob Whitcher, Technical Manager, ICT, BSI Group America, is an Information Security and IT professional with over 39 years' experience in the IT industry and more than 29 years' experience in Information Security, Privacy and business continuity.

He has extensive senior management and practical experience in consultancy, and in the development, implementation, auditing, investigation and training of both technical and non-technical aspects of information security and business continuity.

Rob is currently the BSI Global Technical Manager for TL 9000, ISO/IEC 20000 (IT Service Management), ESD (Electrostatic Discharge) and is the Americas Technical Manager for ISO/IEC 27001 (Information Security) and ISO 22301 (Business Continuity). Rob is responsible for ensuring these schemes are properly managed and conform to legal and regulatory requirements, including the protection of ITAR and EAR regulated information.