ISO/IEC 27018:2014
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
View Superseded by
Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Hardcopy , PDF
English
29-07-2014
09-04-2025
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations.
| Committee |
ISO/IEC JTC 1/SC 27
|
| DocumentType |
Standard
|
| Pages |
23
|
| PublisherName |
International Organization for Standardization
|
| Status |
Withdrawn
|
| SupersededBy |
| Standards | Relationship |
| NEN ISO/IEC 27018 : 2014 | Identical |
| NBN ISO/IEC 27018 : 2014 | Identical |
| NS ISO/IEC 27018 : 2014 | Identical |
| DIN ISO/IEC 27018:2017-08 | Identical |
| PN ISO/IEC 27018 : 2017 | Identical |
| BS ISO/IEC 27018:2014 | Identical |
| DS ISO/IEC 27018 : 2014 | Identical |
| PD ISO/TR 20526:2017 | Account-based ticketing state of the art report |
| 18/30346433 DC : 0 | BS ISO/IEC 19086-4 - INFORMATION TECHNOLOGY - CLOUD COMPUTING SERVICE LEVEL AGREEMENT (SLA) FRAMEWORK - PART 4: SECURITY AND PRIVACY |
| 15/30319488 DC : 0 | BS ISO/IEC 27000 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| BS ISO/IEC 19086-1:2016 | Information technology. Cloud computing. Service level agreement (SLA) framework Overview and concepts |
| ISO/IEC 38505-1:2017 | Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data |
| BS ISO/IEC 27000 : 2016 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| ISO/IEC 27009:2016 | Information technology — Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements |
| ISO/IEC 19086-1:2016 | Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and concepts |
| DIN ISO/IEC 17789:2017-07 | INFORMATION TECHNOLOGY - CLOUD COMPUTING - REFERENCE ARCHITECTURE (ISO/IEC 17789:2014) |
| 18/30348902 DC : 0 | BS ISO/IEC 21878 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECURITY GUIDELINES FOR DESIGN AND IMPLEMENTATION OF VIRTUALIZED SERVERS |
| BS ISO/IEC 17789:2014 | Information technology. Cloud computing. Reference architecture |
| ISO/IEC 27000:2018 | Information technology — Security techniques — Information security management systems — Overview and vocabulary |
| ISO/IEC 19941:2017 | Information technology — Cloud computing — Interoperability and portability |
| ISO/IEC TR 38505-2:2018 | Information technology — Governance of IT — Governance of data — Part 2: Implications of ISO/IEC 38505-1 for data management |
| ISO/IEC 27017:2015 | Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services |
| BS ISO/IEC 27009:2016 | Information technology. Security techniques. Sector-specific application of ISO/IEC 27001. Requirements |
| BS ISO/IEC 27036-4:2016 | Information technology. Security techniques. Information security for supplier relationships Guidelines for security of cloud services |
| BS ISO/IEC 38505-1:2017 | Information technology. Governance of IT. Governance of data Application of ISO/IEC 38500 to the governance of data |
| I.S. EN ISO/IEC 27000:2017 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY (ISO/IEC 27000:2016) |
| ISO/IEC 27036-4:2016 | Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services |
| BS ISO/IEC 29151:2017 | Information technology. Security techniques. Code of practice for personally identifiable information protection |
| ISO/TR 20526:2017 | Account-based ticketing state of the art report |
| BS ISO/IEC 27017:2015 | Information technology. Security techniques. Code of practice for information security controls based on ISO/IEC 27002 for cloud services |
| DIN ISO/IEC 17789:2016-10 (Draft) | INFORMATION TECHNOLOGY - CLOUD COMPUTING - REFERENCE ARCHITECTURE (ISO/IEC 17789:2014) |
| BS ISO/IEC 19941:2017 | Information technology. Cloud computing. Interoperability and portability |
| 16/30316173 DC : 0 | BS ISO/IEC 19086-1 - INFORMATION TECHNOLOGY - CLOUD COMPUTING - SERVICE LEVEL AGREEMENT (SLA) FRAMEWORK - PART 1: OVERVIEW AND CONCEPTS |
| 16/30275200 DC : 0 | BS ISO/IEC 27036-4 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY FOR SUPPLIER RELATIONSHIPS - PART 4: GUIDELINES FOR SECURITY OF CLOUD SERVICES |
| ISO/IEC 24760-3:2016 | Information technology — Security techniques — A framework for identity management — Part 3: Practice |
| BS EN ISO/IEC 27000:2017 | Information technology. Security techniques. Information security management systems. Overview and vocabulary |
| EN ISO/IEC 27000:2017 | Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2016) |
| ISO/IEC TR 20000-9:2015 | Information technology — Service management — Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services |
| PD ISO/IEC TR 20000-9:2015 | Information technology. Service management Guidance on the application of ISO/IEC 20000-1 to cloud services |
| 15/30259619 DC : 0 | BS ISO/IEC 27017 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS BASED ON ISO/IEC 27002 FOR CLOUD SERVICES |
| 16/30333228 DC : 0 | BS ISO/IEC 38505-1 - INFORMATION TECHNOLOGY - GOVERNANCE OF IT - PART 1: THE APPLICATION OF ISO/IEC 38500 TO THE GOVERNANCE OF DATA |
| ISO/IEC 29151:2017 | Information technology — Security techniques — Code of practice for personally identifiable information protection |
| ISO/IEC 17789:2014 | Information technology — Cloud computing — Reference architecture |
| ISO/IEC 27036-4:2016 | Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services |
| ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
| ISO/IEC 27035:2011 | Information technology — Security techniques — Information security incident management |
| ISO/IEC 27002:2013 | Information technology — Security techniques — Code of practice for information security controls |
| ISO/IEC 29191:2012 | Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication. |
| ISO/IEC 29134:2017 | Information technology — Security techniques — Guidelines for privacy impact assessment |
| ISO/IEC 27005:2011 | Information technology — Security techniques — Information security risk management |
| AS ISO/IEC 17789:2020 | Information technology - Cloud computing - Reference architecture |
| ISO/IEC 29101:2013 | Information technology — Security techniques — Privacy architecture framework |
| ISO/IEC 27040:2015 | Information technology — Security techniques — Storage security |
| ISO/IEC 27000:2016 | Information technology — Security techniques — Information security management systems — Overview and vocabulary |
| ISO/IEC 17789:2014 | Information technology — Cloud computing — Reference architecture |
| ISO/IEC 17788:2014 | Information technology — Cloud computing — Overview and vocabulary |
| BS 10012:2009 | Data protection. Specification for a personal information management system |
| ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework |
Access your standards online with a subscription
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.
Important note : Users cannot be edited or removed once added to your Multi user PDF.