标准号 | ISO/IEC 27018 ed1.0 |
标准名称 | Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors |
发布日期 | 2014-07-29 |
国际标准分类号(ICS) | 35.040Character sets and information coding*Including coding of audio, picture, multimedia and hypermedia information, IT security techniques, encryption, bar coding, electronic signatures, etc. |
技术委员会 | JTC 1/SC 27- IT security techniques |
摘要 | ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations. |
来源 | IEC |
浏览:1812 收藏:
您可能还需要
- Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs) -- Part 5-6-2: Systems engineering -- Management and engineering guide: Generic profile group: Basic profile
- Information technology -- Procedures for the operation of object identifier registration authorities -- Part 8: Generation of universally unique identifiers (UUIDs) and their use in object identifiers
- Information technology -- Magnetic stripes on savingsbooks
- Corrigendum 1 - Identification cards -- Integrated circuit cards -- Part 4: Organization, security and commands for interchange
- Identification cards -- Recording technique -- Part 2: Magnetic stripe -- Low coercivity
- Information technology -- Automatic identification and data capture techniques -- Part 1: Security services for RFID air interfaces