International Standard
ISO/IEC 27018:2025
Information security, cybersecurity and privacy protection — Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors
Reference number
ISO/IEC 27018:2025
Edition 3
2025-08
© ISO 2026
Preview
недоступно на русском языке
Опубликовано (Версия 3, 2025)

ISO/IEC 27018:2025

Язык
Формат
CHF 179
* Pасходы на перевозку должны оплачиваться
Пересчитать швейцарские франки (CHF) в ваша валюта

What is ISO/IEC 27018?

ISO/IEC 27018 provides guidance for protecting personally identifiable information (PII) in public cloud services, specifically when the cloud service provider acts as a PII processor. Built on ISO/IEC 27002, this standard outlines controls and principles tailored to cloud environments, ensuring that cloud providers handle PII responsibly, transparently, and securely.

Why is ISO/IEC 27018 important?

As cloud computing becomes the default mode of service delivery, organizations must ensure that personal data stored and processed in the cloud is properly safeguarded. ISO/IEC 27018 helps cloud providers meet legal, contractual, and ethical obligations regarding PII. It supports compliance across jurisdictions, enhances customer trust, and provides a clear structure for data protection in the cloud.

 

Benefits

  • Enhances trust by aligning with global privacy principles
  • Clarifies roles and responsibilities between cloud providers and customers
  • Helps cloud providers meet regulatory and contractual obligations
  • Supports transparency, auditability and accountability in PII processing
  • Facilitates privacy-by-design in cloud service development

 

FAQ

Public cloud service providers acting as PII processors, as well as organizations evaluating cloud providers or seeking to ensure their own compliance when outsourcing data processing.

It extends ISO/IEC 27002 by adapting controls specifically for cloud-based PII processing, and it complements an ISO/IEC 27001-based information security management system (ISMS).

The 2025 edition has been aligned with the updated ISO/IEC 27002:2022, ensuring consistency across standards. It also includes a new Annex B, offering extended implementation guidance.

It covers any personally identifiable information (PII) handled by public cloud providers on behalf of customers — including collection, storage, processing, transmission, and deletion.

Buy together

Package - 13% discount
Information Security & Privacy Compliance Package

Privacy, Cloud & Security: all covered!
This package features three essential ISO/IEC standards: one for robust information security management (ISMS), one for privacy management, and one focused on cloud-specific data protection.

  • ISO/IEC 27701:2025
  • ISO/IEC 27018:2025
  • ISO/IEC 27001:2022
English | PDF
CHF 559 CHF 486

Общая информация

  • Текущий статус
     : Опубликовано
    Дата публикации
     : 2025-08
    Этап
    : Опубликование международного стандарта [60.60]
  • Версия
     : 3
  • Технический комитет :
    ISO/IEC JTC 1/SC 27
    ICS :
    35.030 
  • RSS обновления

Жизненный цикл

Появились вопросы?

Ознакомьтесь с FAQ

  2. Интернет-магазин
  3. Интернет-магазин
  4. МКС
  5. 35
  6. 35.030
  7. ISO/IEC 27018:2025