ISO 27018 is a security standard developed especially for cloud service providers to ensure risks are assessed and controls are implemented to protect personally identifiable information (PII).
- Documentation related to processing personally identifiable information (PII).
- Tasks related to purpose, data and retention minimization.
- Advanced tasks related to the information security while processing PII.
ISO 27018 gives cloud-specific additions to ISO 27001, so these two frameworks should be used together.