
ISO/IEC 27018

Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

Information security and data protection can certainly be addressed with management tools, but in broader terms, privacy is a social issue with impacts well beyond the data stored and managed by cloud services. This requires that governments, enterprises, academia and consumers reflect on the wider issues of harms and risks and, in particular, the consequences of decisions taken in their deployments of cloud services. Published in 2014, ISO/IEC 27018 is the first International Standard that focuses on protection of personal data in the cloud.



  • Help cloud service providers that process personally identifiable information to address applicable legal obligations as well as customer expectations
  • Enable transparency so customers can choose well-governed cloud services
  • Facilitate the creation of contracts for cloud services
  • Provide cloud customers with a mechanism to ensure cloud providers’ compliance with legal and other obligations



Last Update: 2024-07-12
Copyright © 2024 Hong Kong Quality Assurance Agency. All rights reserved.