UKCloud, a British cloud services company formerly known as Skyscape Cloud Services Limited, has achieved certification against the ISO27018 information security standard for the protection of personally identifiable information (PII) in public clouds. UKCloud claims to be the first UK company to be awarded this status by the certification body LRQA. UKCloud has also successfully re-certified against the ISO20000 standard for IT Service Management for a further three years.
The recently introduced ISO27018 augments the existing ISO27002 standard’s control set with a specific focus on cloud privacy and the protection of personal data. Some of the ISO27018-specific controls include the disclosure of the geographic location of personal data, processes for the notification of data disclosures and data breaches, requirements to disclose details of sub-contracted processing activities, and regulations related to a customer’s right to access and delete personal data.
“As cloud computing becomes more widely adopted, public sector organizations with considerable data protection responsibilities understandably have significant concerns when it comes to how their information is processed, stored and protected,” said John Godwin, Director of Compliance and Information Assurance, UKCloud. “ISO27018 delivers a more comprehensive framework of controls when it comes to the protection of personally identifiable data in the cloud; our certification means our customer base, which is exclusively comprised of public sector organizations, can be assured that their data is in safe hands.”
ISO27018 closely aligns with many of the requirements of the EU General Data Protection Regulation (EU GDPR), the new data protection legislation due to be introduced in May 2018. The standard is expected to become an established method of assessing cloud service providers' compliance with the new Regulation.
“We’re pleased to be leading the way as the first UK company to have achieved certification against ISO27018,” added Mr. Godwin. “As an early adopter of the standard, we are once again demonstrating our continued commitment to delivering agile services with the highest possible levels of security assurance.”