BSI launches certification for safety of personal data in the cloud

by Brianna Crandall — January 20, 2016—The adoption of cloud computing in all sectors is increasing rapidly in order to manage costs and support scalability; however, concerns over the privacy and security of data remain. BSI, the U.K.-based business standards company, recently launched a training and certification program for the protection of personal data in the cloud.

The new ISO 27018-based program was developed to provide cloud service providers and their customers with the confidence that any personal data processed in a cloud environment is safe from threats, shared only according to their wishes, and maintained according to local legal requirements. The certification scheme is relevant for any type or size of organization that provides public cloud computing services, says BSI.

In order to demonstrate their compliance with the standard, cloud service providers must adopt several practices. These include making customers aware of where their data is stored, ensuring any major system changes are reviewed by independent third parties at regular intervals, and documenting any infringements on data security (including steps taken to resolve problems, and the possible consequences). In addition, they must identify any local legal requirements and ensure they are adhered to.

Kaara Pallop, global portfolio manager at BSI, commented:

Data is a valuable asset for any organization and any kind of breach can be costly to a business, not least to its reputation. This scheme provides greater reassurance to customers and stakeholders that personal data and information is protected; it helps to manage risk and ensures compliance with regulatory obligations. By choosing a[n] ISO 27018 certified provider, both organizations and customers can be confident that the supplier has taken the technical and legislative steps necessary to protect one of their most valuable assets.

ISO 27018 incorporates ISO 27001 Information Technology — Security Techniques — Information Security Management Systems — Requirements to ensure that organizations establish a robust management system to protect public cloud data.

The basis of the new certification program, ISO 27018 Information Technology — Security Techniques — Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors, is available for purchase from BSI.