Résumé 

ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.

The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations.


Informations générales

  • État actuel :  Annulée
    Date de publication : 2014-08
  • Edition : 1
  • :
    ISO/IEC JTC 1/SC 27
    Sécurité de l’information, cybersécurité et protection de la vie privée
  • 35.030
    Sécurité des technologies de l’information

Cycle de vie

Les normes ISO sont réexaminées tous les cinq ans



Révision / Rectificatifs techniques

Vous avez une question?

Consulter notre FAQ

Service à la clientèle
+41 22 749 08 88

Horaires d’ouverture:
De lundi à vendredi - 09:00-12:00, 14:00-17:00 (UTC+1)

Suivez l'actualité de l'ISO

Inscrivez-vous à notre Newsletter (en anglais) pour suivre nos actualités, points de vue et informations sur nos produits.