Features of ISO 27017:
Features of ISO 27018
The overarching principle is that the customer controls their own data. The cloud supplier is allowed to process PII only in accordance with the customer's instructions. PII can be used for marketing and advertising purposes only when the customer consents to it.
ISO 27018 defines restrictions on how providers may handle PII, including restrictions on its transmission over public networks and its storage on transportable media, and proper processes for data recovery and restoration efforts.
When a data breach occurs that results in loss, disclosure or alteration of PII, ISO 27018 requires the provider to notify the customer of the breach and to keep clear records about the incident.
Prior to entering into a cloud computing services agreement, providers must disclose the names of any sub-processors and the possible locations where PII may be processed. The provider must be transparent about its policies regarding the return, transfer and deletion of PII that is stored in the data center.
This requirement ensures that regular reviews of information security and general compliance by the cloud service provider are obtained through an independent third-party audit.
It provides clarity regarding who is responsible for what between the cloud service provider and the cloud customer.
It inspires trust in the business, as customers and stakeholders have greater reassurance.
To whom does ISO/IEC 27018 apply?
This code of practice applies to CSPs that process PII under contract for other organizations.