Launching safety of personal data in the cloud scheme
The adoption of cloud computing in all sectors is increasing rapidly in order to manage costs and support scalability, however concerns over the privacy and security of data remain. BSI, the business standards company today launches a training and certification scheme for the protection of personal data in the cloud.
ISO 27018 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors has been developed to provide cloud service providers and their customers with the confidence that any personal data processed in a cloud environment is safe from threats, shared only according to their wishes and maintained according to local legal requirements. The certification scheme is relevant for any type or size of organization that provides public cloud computing services.
In order to demonstrate their compliance with the standard, cloud service providers must adopt several practices. These include making customers aware of where their data is stored, ensuring any major system changes are reviewed by independent third parties at regular interviews and documenting any infringements on data security (including steps taken to resolve problems and the possible consequences). In addition, they must identify any local legal requirements and ensure they are adhered to.
Marc Barnes, Managing Director for BSI Group ANZ states, “data is a valuable asset for any organization and any kind of breach can be costly to a business, not least to its reputation. This scheme provides greater reassurance to customers and stakeholders that personal data and information is protected, it helps to reduce risk and ensures compliance with regulatory obligations. By choosing a ISO 27018 certified provider, both organizations and customers can be confident that the supplier has taken the technical and legislative steps necessary to protect one of their most valuable assets.”
ISO/IEC 27018 incorporates ISO/IEC 27001 Information Security Management to ensure that organizations establish a robust management system to protect public cloud data.