Protecting PII with ISO/IEC 27018
Organizations that control, store or transmit personally identifiable information (PII)
are increasingly exposed to attackers, phishing campaigns and other threats that arise
from weak information security. At the same time, with the advent of cloud computing, more
and more organizations rely on cloud services to expand their storage capacity and
increase their IT flexibility at a lower cost.
Responsibility for protecting PII does not transfer to wherever the information is stored,
i.e. the cloud provider; it remains with the organization that collects, receives or
transmits the data, even when processing is outsourced. Regulations
regarding privacy and data protection are fast becoming mandates, in Europe and beyond,
and international organizations will face difficulties complying with these tighter
ISO/IEC 27018:2014 is the internationally recognized code of practice for protecting PII
in public clouds acting as PII processors. It builds on the controls of ISO/IEC 27002 and
adds a catalog of privacy-specific controls and implementation guidance that address the
risks to PII when a cloud service provider processes it on a customer's behalf.
How responsible is an organization for the information it touches? What is included in
the definition of PII? If a cloud service provider is used, what controls need to be in
place to protect PII? Join us as we discuss ISO/IEC 27001 and the controls in ISO/IEC
27018 that cover the requirements for cloud service providers.
- Learn who is responsible for protecting PII
- Understand the benefits of ISO/IEC 27018
  - For cloud service providers
  - For organizations looking for a cloud service provider
- Explore current and pending regulations regarding protecting PII
Rob Whitcher, Technical Manager, ICT, BSI Group America, is an
Information Security and IT professional with over 39 years' experience in the IT
industry and more than 29 years' experience in Information Security, Privacy and
He has extensive senior management and practical experience in consultancy, and in the
development, implementation, auditing, investigation and training of both technical and
non-technical aspects of information security and business continuity.
Rob is currently the BSI Global Technical Manager for TL 9000, ISO/IEC 20000 (IT Service
Management), ESD (Electrostatic Discharge) and is the Americas Technical Manager for
ISO/IEC 27001 (Information Security) and ISO 22301 (Business Continuity). Rob is
responsible for ensuring these schemes are properly managed and conform to legal and
regulatory requirements, including the protection of ITAR and EAR regulated information.