Welcome to Amtivo in Ireland, formerly Certification Europe and EQA


ISO 27018 (PII)

Protection of Personally Identifiable Information (PII)

ISO/IEC 27018 is the international code of practice that organisations use to implement and manage controls protecting Personally Identifiable Information (PII), such as customer data, processed in public cloud services. It builds on ISO 27001 and ISO 27002: it takes the ISO 27002 control set, adds cloud-specific implementation guidance and a set of additional PII-protection controls, and is normally applied as an extension of an ISO 27001 Information Security Management System (ISMS). Certifying that these controls are in place increases customer trust and supports compliance with data protection regulation.


What Is ISO 27018?

Within the ISO 27000 series, ISO 27018 is the standard dedicated to protecting Personally Identifiable Information (PII) in public cloud environments. It is written for public cloud providers that process PII on behalf of their customers (PII processors) and is based on the privacy principles of ISO/IEC 29100.

Organisations seeking this ISO certification aim to:

  • Enhance protection of PII: implement robust measures aligned with ISO/IEC 29100 privacy principles to improve the protection of Personally Identifiable Information.
  • Demonstrate compliance and expertise: obtain ISO 27018 certification from an accredited certification body, demonstrating competence in cloud data protection and conformity with the standard's controls.
  • Address specific cloud security concerns: showcase readiness in addressing cloud-specific security concerns, thereby instilling confidence in stakeholders.
  • Foster trust and accountability: build trust among customers and stakeholders by showcasing a commitment to responsible data handling and cloud security practices.

What Are the Benefits of ISO 27018?

  • Competitive advantage
  • Brand protection
  • Risk reduction
  • Compliance assurance
  • Global business opportunities
  • Increased client trust
  • Cost savings
  • More flexibility
  • Mobile accessibility
  • Data safeguarding
  • Misuse risk mitigation
  • Regulatory compliance

Key Requirements of ISO 27018

The ISO 27018 standard sets out a number of controls that a cloud service provider acting as a PII processor must implement to demonstrate its commitment to protecting personally identifiable information (PII). These include:

  • Usage consent: a cloud service provider must not use PII it processes under contract for advertising or marketing unless the express consent of the individual concerned (the PII principal) has been obtained, and that consent must not be made a condition of receiving the service.
  • Data transparency: where processing is sub-contracted, the cloud provider must inform customers of the processing details, including the sub-processors used, the functions they perform and the locations involved, and must notify customers of any change to these arrangements.
  • Data disclosure: the provider must disclose the countries in which PII may be stored or processed, so that the data controller can restrict storage and processing of its data to locations it permits.
  • Robust security measures: the provider must implement and maintain appropriate technical and organisational measures to protect PII against accidental or unlawful loss, alteration, unauthorised disclosure or unauthorised access.
  • Data breach notifications: in the event of a data breach, the provider must promptly notify the data controller, and must have policies and procedures in place to respond to and report such incidents.
  • Secure data handling: when the contractual agreement ends, the provider must return, transfer or securely dispose of the PII in its possession, as instructed by the data controller.

Why You Should Choose Amtivo

  • Ireland-based team that understands your needs
  • Five-star ratings, independently reviewed via Feefo
  • A wide range of training courses to build your expertise
  • Access to a global team with global resources

Becoming ISO 27018 Certified

  • Step 1, Stage One: the initial assessment determines whether the mandatory requirements of the standard are being met and whether the management system is ready to proceed to Stage Two.
  • Step 2, Stage Two: the second assessment determines the effectiveness of the system and confirms that the management system is implemented and operational.
  • Step 3, Recommendation for Certification: we review any corrective actions taken to address findings raised at Stage One and Stage Two. Certification may then be recommended.
  • Step 4, Certification Review and Decision: the organisation's files are reviewed by an independent and impartial panel, which makes the certification decision.
  • Step 5, Certification Achieved: successful certification is communicated to the client and certificates are issued.

Implementing ISO 27018

Bringing the systems that handle Personally Identifiable Information (PII) up to the requirements of ISO 27018 is a collective effort involving several departments. Training is essential to prepare your teams and to help them understand what the certification requires. Amtivo offers a range of ISO 27018 training courses, both online and face-to-face, to meet your needs.

Our trainer-led courses are delivered by PII management experts and cover implementation strategies, auditing techniques and continuous improvement practices.

ISO 27018 FAQs

What is ISO 27018:2019?

ISO/IEC 27018:2019 is the current edition of the standard, replacing the 2014 edition. Amtivo assesses and certifies organisations only against the current edition.

What industries implement ISO 27018?

ISO 27018 certification is suitable for any organisation, large or small, in any sector.

The standard is especially relevant where personal data such as payroll, HR records or clients' payment details are stored or processed in a cloud environment. Organisations that collect, process or store personal data must be able to demonstrate GDPR compliance and show how they protect that data.

If your organisation already operates an ISO 27001 ISMS, a large share of the ISO 27018 controls will already be in place, because ISO 27018 extends the ISO 27002 control set rather than replacing it. If you process personal data using cloud-based services, ISO 27018 is an effective bolt-on to that ISMS for organisations that want to demonstrate how they protect cloud-hosted personal data under GDPR; it supports a GDPR compliance case, but it is not in itself a GDPR certification.

How long does the ISO 27018 certification last?

ISO 27018 certification lasts for three years. During this period, assessors carry out routine surveillance assessments every six months to confirm continued conformity with the standard, and a recertification assessment is completed before the certificate expires.


Related ISO Certifications

ISO 9001

Certification to ISO 9001 is one way to demonstrate to stakeholders and customers that you are committed and able to consistently deliver high quality products.

ISO 14001

Want to better manage your environmental impact and lower costs? Amtivo offers comprehensive ISO 14001 certification, auditing and training.

ISO 45001

Comply with occupational health and safety regulations and reduce insurance premiums with an ISO 45001 certification.

ISO 50001

Reduce energy usage, lower operation costs and reduce your business's impact on the environment with an ISO 50001 Certification for energy management.

ISO 13485

Ensure your medical device business is complying with industry regulation and effectively manage risk with Amtivo's globally recognised ISO 13485 certification.

ISO 27001

Protect customer data, avoid security risks, demonstrate compliance and stay competitive with an ISO 27001 certification for your ISMS. Contact us for a free quote.

ISO 27017

Boost cloud data security and comply with strict data regulations with an ISO 27017 certification.

ISO 27701

Better protect sensitive data and reduce the risk of security breaches and legal costs with an ISO 27701 certified Privacy Information Management System.

ISO 20000-1

With an Amtivo ISO 20000-1 certification, your business can showcase its commitment to delivering satisfying and high-quality, yet cost-efficient, IT services.

ISO 22301

Protect your business from disruption and disaster with an ISO 22301 certification from Amtivo.

ISO 20121

An ISO 20121 certification for event sustainability management can help you reduce waste and energy usage, boosting your company reputation and delivering a competitive edge.