NORMSERVIS s.r.o.

ISO/IEC 27018-ed.2.0

Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

NORMA vydaná dňa 15.1.2019

Anglicky -
Elektronické PDF (169.50 EUR)
Anglicky -
Tlačené (169.50 EUR)
Anglicky -
CD-ROM (171.10 EUR)


Francúzsky -
Elektronické PDF (169.50 EUR)
Francúzsky -
Tlačené (169.50 EUR)
Francúzsky -
CD-ROM (171.10 EUR)

The information about the standard:

Designation standards: ISO/IEC 27018-ed.2.0
Publication date standards: 15.1.2019
The number of pages: 23
Approximate weight : 69 g (0.15 lbs)
Country: International technical standard
Kategória: Technické normy ISO

Annotation of standard text ISO/IEC 27018-ed.2.0 :

This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services. This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. The guidelines in this document can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations. Le present document etablit des objectifs de securite communement acceptes, des mesures de securite et des lignes directrices de mise en ouvre de mesures destinees a proteger les informations personnelles identifiables (PII) conformement aux principes de protection de la vie privee de lISO/IEC 29100 pour lenvironnement informatique en nuage public. En particulier, le present document specifie des lignes directrices derivees de lISO/IEC 27002, en tenant compte des exigences reglementaires relatives a la protection des PII, qui peuvent etre applicables dans le contexte du ou des environnements de risque lies a la securite de linformation dun fournisseur de services en nuage public. Le present document sapplique aux organismes de tous types et de toutes tailles, y compris les societes publiques et privees, les entites gouvernementales et les organismes a but non lucratif, qui offrent des services de traitement de linformation en tant que processeurs de PII via linformatique en nuage sous contrat aupres dautres organismes. Les lignes directrices du present document peuvent egalement sappliquer aux organismes agissant en tant que controleurs de PII. Cependant, les controleurs de PII peuvent etre soumis a dautres lois, reglementations et obligations en matiere de protection des PII qui ne sappliquent pas aux processeurs de PII. Le present document na pas pour objet de couvrir des obligations supplementaires.