Earlier in 2014, the International Standards Organisation (ISO) developed a new voluntary standard, ISO 27018 (Standard), establishing commonly accepted control objectives and guidelines to protect personal information for a public cloud computing environment.
The need to create trust in cloud solutions led to the development of the Standard, in accordance with one of the key goals announced in the 2012 European Cloud Computing Strategy. By adopting an appropriate set of standards for cloud service providers who process personal data, providers can give their customers confidence that they meet their own regulatory obligations on data security.
The Standard focuses on practical recommendations to help cloud providers meet the Standard. Examples include:
- Confidentiality agreements and training for those with access to personal information
- Policies for the return, transfer or disposal of personal information at termination
- Policies that allow the processing of personal information for marketing or advertising purposes only with customer's express consent
- Requirements to disclose the...