ISO/IEC 27018:2014
Withdrawn
Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Hardcopy, PDF
English
07-29-2014
04-09-2025
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations.
| DocumentType | Standard |
| Pages | 23 |
| PublisherName | International Organization for Standardization |
| Status | Withdrawn |
| SupersededBy | |

| Standards | Relationship |
| NEN ISO/IEC 27018 : 2014 | Identical |
| NBN ISO/IEC 27018 : 2014 | Identical |
| NS ISO/IEC 27018 : 2014 | Identical |
| DIN ISO/IEC 27018:2017-08 | Identical |
| PN ISO/IEC 27018 : 2017 | Identical |
| BS ISO/IEC 27018:2014 | Identical |
| DS ISO/IEC 27018 : 2014 | Identical |
| PD ISO/TR 20526:2017 | Account-based ticketing state of the art report |
| 18/30346433 DC : 0 | BS ISO/IEC 19086-4 - INFORMATION TECHNOLOGY - CLOUD COMPUTING SERVICE LEVEL AGREEMENT (SLA) FRAMEWORK - PART 4: SECURITY AND PRIVACY |
| 15/30319488 DC : 0 | BS ISO/IEC 27000 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| BS ISO/IEC 19086-1:2016 | Information technology. Cloud computing. Service level agreement (SLA) framework Overview and concepts |
| ISO/IEC 38505-1:2017 | Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data |
| BS ISO/IEC 27000 : 2016 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| ISO/IEC 27009:2016 | Information technology — Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements |
| ISO/IEC 19086-1:2016 | Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and concepts |
| DIN ISO/IEC 17789:2017-07 | INFORMATION TECHNOLOGY - CLOUD COMPUTING - REFERENCE ARCHITECTURE (ISO/IEC 17789:2014) |
| 18/30348902 DC : 0 | BS ISO/IEC 21878 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECURITY GUIDELINES FOR DESIGN AND IMPLEMENTATION OF VIRTUALIZED SERVERS |
| BS ISO/IEC 17789:2014 | Information technology. Cloud computing. Reference architecture |
| ISO/IEC 27000:2018 | Information technology — Security techniques — Information security management systems — Overview and vocabulary |
| ISO/IEC 19941:2017 | Information technology — Cloud computing — Interoperability and portability |
| ISO/IEC TR 38505-2:2018 | Information technology — Governance of IT — Governance of data — Part 2: Implications of ISO/IEC 38505-1 for data management |
| ISO/IEC 27017:2015 | Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services |
| BS ISO/IEC 27009:2016 | Information technology. Security techniques. Sector-specific application of ISO/IEC 27001. Requirements |
| BS ISO/IEC 27036-4:2016 | Information technology. Security techniques. Information security for supplier relationships Guidelines for security of cloud services |
| BS ISO/IEC 38505-1:2017 | Information technology. Governance of IT. Governance of data Application of ISO/IEC 38500 to the governance of data |
| I.S. EN ISO/IEC 27000:2017 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY (ISO/IEC 27000:2016) |
| ISO/IEC 27036-4:2016 | Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services |
| BS ISO/IEC 29151:2017 | Information technology. Security techniques. Code of practice for personally identifiable information protection |
| ISO/TR 20526:2017 | Account-based ticketing state of the art report |
| BS ISO/IEC 27017:2015 | Information technology. Security techniques. Code of practice for information security controls based on ISO/IEC 27002 for cloud services |
| DIN ISO/IEC 17789:2016-10 (Draft) | INFORMATION TECHNOLOGY - CLOUD COMPUTING - REFERENCE ARCHITECTURE (ISO/IEC 17789:2014) |
| BS ISO/IEC 19941:2017 | Information technology. Cloud computing. Interoperability and portability |
| 16/30316173 DC : 0 | BS ISO/IEC 19086-1 - INFORMATION TECHNOLOGY - CLOUD COMPUTING - SERVICE LEVEL AGREEMENT (SLA) FRAMEWORK - PART 1: OVERVIEW AND CONCEPTS |
| 16/30275200 DC : 0 | BS ISO/IEC 27036-4 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY FOR SUPPLIER RELATIONSHIPS - PART 4: GUIDELINES FOR SECURITY OF CLOUD SERVICES |
| ISO/IEC 24760-3:2016 | Information technology — Security techniques — A framework for identity management — Part 3: Practice |
| BS EN ISO/IEC 27000:2017 | Information technology. Security techniques. Information security management systems. Overview and vocabulary |
| EN ISO/IEC 27000:2017 | Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2016) |
| ISO/IEC TR 20000-9:2015 | Information technology — Service management — Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services |
| PD ISO/IEC TR 20000-9:2015 | Information technology. Service management Guidance on the application of ISO/IEC 20000-1 to cloud services |
| 15/30259619 DC : 0 | BS ISO/IEC 27017 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS BASED ON ISO/IEC 27002 FOR CLOUD SERVICES |
| 16/30333228 DC : 0 | BS ISO/IEC 38505-1 - INFORMATION TECHNOLOGY - GOVERNANCE OF IT - PART 1: THE APPLICATION OF ISO/IEC 38500 TO THE GOVERNANCE OF DATA |
| ISO/IEC 29151:2017 | Information technology — Security techniques — Code of practice for personally identifiable information protection |
| ISO/IEC 17789:2014 | Information technology — Cloud computing — Reference architecture |
| ISO/IEC 27036-4:2016 | Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services |
| ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
| ISO/IEC 27035:2011 | Information technology — Security techniques — Information security incident management |
| ISO/IEC 27002:2013 | Information technology — Security techniques — Code of practice for information security controls |
| ISO/IEC 29191:2012 | Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication. |
| ISO/IEC 29134:2017 | Information technology — Security techniques — Guidelines for privacy impact assessment |
| ISO/IEC 27005:2011 | Information technology — Security techniques — Information security risk management |
| AS ISO/IEC 17789:2020 | Information technology - Cloud computing - Reference architecture |
| ISO/IEC 29101:2013 | Information technology — Security techniques — Privacy architecture framework |
| ISO/IEC 27040:2015 | Information technology — Security techniques — Storage security |
| ISO/IEC 27000:2016 | Information technology — Security techniques — Information security management systems — Overview and vocabulary |
| ISO/IEC 17789:2014 | Information technology — Cloud computing — Reference architecture |
| ISO/IEC 17788:2014 | Information technology — Cloud computing — Overview and vocabulary |
| BS 10012:2009 | Data protection. Specification for a personal information management system |
| ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework |