Cyberday.ai
Get started
Login
Topics
ISO 27001
NIS2
Getting started
Framework management
Product security
Settings & advanced
Trial and subscription
User management
Community
Documentation
Personnel guidelines
Reporting
Task management
GDPR
Internal auditing
Personnel security
Risk management
Working as a partner
Continuous improvement
Team collaboration
Show all topics
Webinars
ISO 27001: Build a cyber security plan, that gets you compliant
May's monthly review for Cyberday admins (5/2024)
Show all webinars
Videos
Asset documentation
Continuously improving your ISMS
Cyberday overall intro
ISO 27001 and certification audit fundamentals
ISO 27001 and personnel awareness
ISO 27001 and risk management
ISO 27001 introduction
NIS2 introduction
Show all videos
Helps
Documentation
For admins
For partners
Frameworks
Guideline mgmt
Other features
Reporting
Setup and integrations
Task mgmt
User management
Show all helps
Blogs
6 ways to assess security work effectiveness
Access Control & MFA (NIS2 21.2): Build A Solid Foundation with ISO 27001 Best Practices
Understanding HR Security Basics for ISO 27001 & NIS2 Compliance
Build your NIS2 measures for Business Continuity and Backups with ISO 27001
Best Practices from ISO 27001 for Secure System Acquisition and Development: Create your NIS2 measures
Show all blogs
Content library
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Content library
ISO 27018

ISO 27018

ISO 27018 is a security standard developed especially for cloud service providers to ensure risks are assessed and controls are implemented to protect personally identifiable information (PII).

Framework description

ISO 27018 is a security standard developed especially for cloud service providers to ensure risks are assessed and controls are implemented to protect personally identifiable information (PII).

  • Documentation related to processing personally identifiable information (PII).
  • Tasks related to purpose, data and retention minimization.
  • Advanced tasks related to the information security while processing PII.

ISO 27018 gives cloud-specific additions to ISO 27001, so these two frameworks should be used together.

Related cyber security themes

Privacy
Cyber security
Public sector
Connected requirements:
28

Requirements included in the framework

13
ISO 27018

Communications security

13.2
ISO 27018

Information transfer

13.2.1
ISO 27018

Information transfer policies and procedures

9
ISO 27018

Access control

9.2
ISO 27018

User access management

9.2.1
ISO 27018

User registration and de-registration

9.4
ISO 27018

System and application access management

9.4.2
ISO 27018

Secure log-on procedures

A.10
ISO 27018

Accountability

A.10.1
ISO 27018

Notification of a data breach involving PII

A.10.2
ISO 27018

Retention period for administrative security policies and guidelines

A.10.3
ISO 27018

PII return, transfer and disposal

A.11
ISO 27018

Information security

A.11.1
ISO 27018

Confidentiality or non-disclosure agreements

A.11.10
ISO 27018

User ID management

A.11.11
ISO 27018

Contract measures

A.11.12
ISO 27018

Sub-contracted PII processing

A.11.13
ISO 27018

Access to data on pre-used data storage space

A.11.2
ISO 27018

Restriction of the creation of hardcopy material

A.11.3
ISO 27018

Control and logging of data restoration

A.11.4
ISO 27018

Protecting data on storage media leaving the premises

A.11.5
ISO 27018

Use of unencrypted portable storage media and devices

A.11.6
ISO 27018

Encryption of PII transmitted over public data-transmission networks

A.11.7
ISO 27018

Secure disposal of hardcopy materials

Subscribe to Academy today

Elevate Your Knowledge with Exclusive Access to Weekly Webinars, Video Courses, Help Articles, and Blogs.

Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Topics
Settings & advanced
User management
NIS2
Continuous improvement
Risk management
Show all
Webinars
ISO 27001: Build a cyber security plan, that gets you compliant
May's monthly review for Cyberday admins (5/2024)
Show all
Videos
ISO 27001 introduction
NIS2 introduction
ISO 27001 and certification audit fundamentals
Asset documentation
ISO 27001 and personnel awareness
Show all
Helps
Documentation
For partners
Other features
Reporting
Guideline mgmt
Show all
Blogs
6 ways to assess security work effectiveness
Access Control & MFA (NIS2 21.2): Build A Solid Foundation with ISO 27001 Best Practices
Understanding HR Security Basics for ISO 27001 & NIS2 Compliance
Build your NIS2 measures for Business Continuity and Backups with ISO 27001
Best Practices from ISO 27001 for Secure System Acquisition and Development: Create your NIS2 measures
Show all
Content library
Open content libraryLabs
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.