How Cloud Service Providers Can Prove Their Data Security Claims

Cloud service providers (CSPs) often claim that their customers’ personal data is secure in their clouds. You can now check to see whether that is the case, thanks to a global standard published in 2014. People often refer to the standard as ISO 27018. Its full title is "Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors."

Standard Ensures Privacy and Data Protection

CSPs can use ISO 27018 to prove they are handling personal data in a manner that not only safeguards customers’ data but also protects customers’ privacy. For example, when CSPs follow this standard, they are guaranteeing that they will:

  • Give customers control over their personal data
  • Not use customers’ personal data for marketing or advertising purposes
  • Not let third parties access customers’ personal data, unless a customer allows it
  • Let customers know about any unauthorized access to their data as soon as possible
  • Let customers know when subcontractors will handle their data

ISO 27018 has many other guidelines about how CSPs should protect customers’ privacy and data. They include the need for restrictions that limit or ban transmitting customers’ personal data over public networks and storing it on transportable media. CSPs even need to have proper data backup and recovery procedures in place to achieve ISO 27018 certification.

To become ISO 27018 certified, CSPs must go through a rigorous assessment process. During this process, independent third parties verify that the CSPs are properly handling their customers’ personal data. Once a CSP achieves certification, it must undergo annual audits to maintain that certification.

A Mark of Trust

When a CSP is ISO 27018 certified, you have some assurance that it is protecting its customers’ privacy and data. If your business is looking to store data in a public cloud, make sure you talk to potential CSPs about their efforts to adhere to the ISO 27018 standard.


Thinking about storing and/or backing up your data in the cloud? PC Corp has a cloud-based data backup service using a trusted and standards-verified cloud service provider. Ask us more. Call your PC Corp Account Manager or contact us below:

Phone: 780-428-3000