ISO/IEC 27018:2019 is an information security code of practice for cloud service providers who process personally identifiable information for their customers. It's an extension to ISO/IEC 27001:2013 and ISO/IEC 27002, and it provides additional security controls. It details privacy requirements and security control enhancements for privacy to be implemented by cloud service providers.
It is complementary to ISO 27017:2015, Security Control for Cloud Services, and to ISO 27701:2019, Privacy Information Management, both of which also extend ISO 27001:2013.
As an extension to ISO 27001, ISO 27018 provides guidance on 16 ISO 27002 controls, as well as providing 25 new privacy and security controls: