Information Security & Privacy Compliance Package
Privacy, cloud and security: all covered!
Data protection and privacy are critical in today's digital landscape. Organizations face increasing regulatory pressure and customer expectations for secure handling of personal information – especially in cloud environments. This package features three essential ISO/IEC standards: one for robust information security management (ISMS), one for privacy management, and one focused on cloud-specific data protection.
Included standards
- ISO/IEC 27701:2025 – Privacy Information Management System (PIMS)
The global standard helping organizations safeguard personally identifiable information (PII), manage privacy risks, and demonstrate compliance with GDPR and global privacy regulations.
The 2025 edition is now a standalone standard that enables organizations with less complex frameworks to implement and certify privacy controls independently of ISO 27001, while still allowing seamless integration with ISO 27001 for those who need it.
- ISO/IEC 27018:2025 – Protection of personal data in cloud computing
Provides guidelines for protecting personally identifiable information (PII) in public cloud services when the cloud provider acts as a PII processor.
The 2025 edition has been aligned with ISO/IEC 27002:2022, ensuring consistency across standards. It addresses cloud-specific privacy risks and builds customer trust. Note: ISO 27018 is a code of practice and guideline, not independently certifiable – it complements ISO 27001 certification.
- ISO/IEC 27001:2022 – Information Security Management Systems (ISMS)
The foundation for information security risk management covering confidentiality, integrity, and availability of information. Relevant for organizations seeking a comprehensive security management framework alongside privacy.
Price: CHF 486 (13% discount on CHF 559)
Digital version (PDF), English
Publication reference: pub200277
Why choose this package?
- Privacy-first option: ISO 27701:2025 enables independent PIMS certification, allowing you to demonstrate privacy compliance without needing full ISMS certification—lowering barriers to entry for privacy-focused organizations.
- Cloud confidence: Implement recognized safeguards with ISO 27018 for cloud data privacy, built on ISO/IEC 27002 and tailored for cloud environments.
- Integrated security: Combine foundational security with specialized privacy and cloud protections to build trust and streamline audits.
Who needs this package?
- Organizations handling personal data in cloud environments (SaaS, IaaS, PaaS)
- Compliance teams preparing for GDPR audits or privacy-focused reviews
- Businesses seeking privacy certification independently or integrated with ISO 27001
- Cloud service providers processing PII on behalf of customers
Comparison table
| | ISO/IEC 27001 | ISO/IEC 27701 | ISO/IEC 27018 |
|---|---|---|---|
| Scope | Information security management system (ISMS) for all info assets | Standalone Privacy Information Management System (PIMS) focused on personal data privacy governance, no longer requiring ISO 27001 certification | Cloud-specific guidelines for protecting personally identifiable information (PII) in public cloud environments where providers act as PII processors |
| Primary focus | Cloud-specific guidelines for protecting personally identifiable information (PII) in public cloud environments where providers act as PII processors | Comprehensive privacy risk management including GDPR, CCPA, LGPD, and more, with stronger focus on consent, transparency, AI, cloud, and cross-border data transfers | Comprehensive privacy risk management including GDPR, CCPA, LGPD, and more, with stronger focus on consent, transparency, AI, cloud, and cross-border data transfers |
| Applicable organizations | All organizations seeking information security | Organizations focused on privacy management—SMEs, startups, healthcare providers, fintechs, e-commerce platforms, and AI-driven companies—even without a full ISMS in place | Public cloud service providers acting as PII processors, and their customers |
| Relationship to other standards | Foundation standard for information security management | Now fully standalone, but remains aligned structurally and terminologically with ISO 27001:2022 and ISO 27002:2022 for seamless integration | Extends ISO/IEC 27002 for cloud environments; complements ISO/IEC 27001-based ISMS |
| Key controls | 93 information security controls grouped into organizational, people, physical, and technological categories | Includes 34 controller controls, 21 processor controls, and 31 shared information security controls selected from ISO 27001 that have direct impact on privacy | Cloud-specific controls building on ISO/IEC 27002, addressing privacy principles for public cloud PII processing |
| Certification approach | Cloud-specific controls building on ISO/IEC 27002, addressing privacy principles for public cloud PII processing | Cloud-specific controls building on ISO/IEC 27002, addressing privacy principles for public cloud PII processing | Not independently certifiable: assessed as part of ISO 27001 certification; cloud providers can demonstrate ISO 27018 compliance within their ISO 27001 audit |
Package content
- ISO/IEC 27701:2025 – Information security, cybersecurity and privacy protection — Privacy information management systems — …
- ISO/IEC 27018:2025 – Information security, cybersecurity and privacy protection — Guidelines for protection of personally …
- ISO/IEC 27001:2022 – Information security management systems
Related publications
- ISO/IEC 27002:2022 – Information security, cybersecurity and privacy protection — Information security controls
- ISO/IEC 27001:2022 - Information Security Management Systems - A practical guide for SMEs
ISO/IEC 27001:2022 - Information Security Management Systems - A practical guide for SMEs has been authored …