iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN ISO/IEC 27018:2020

(Main)

Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018:2019)

Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018:2019)

This document establishes commonly accepted control objectives, controls and guidelines for
implementing measures to protect Personally Identifiable Information (PII) in line with the privacy
principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration
the regulatory requirements for the protection of PII which can be applicable within the context of the
information security risk environment(s) of a provider of public cloud services.
This document is applicable to all types and sizes of organizations, including public and private
companies, government entities and not-for-profit organizations, which provide information processing
services as PII processors via cloud computing under contract to other organizations.
The guidelines in this document can also be relevant to organizations acting as PII controllers. However,
PII controllers can be subject to additional PII protection legislation, regulations and obligations, not
applying to PII processors. This document is not intended to cover such additional obligations.

Informationstechnik - Sicherheitsverfahren - Leitfaden zum Schutz personenbezogener Daten (PII) in öffentlichen Cloud-Diensten als Auftragsdatenverarbeitung (ISO/IEC 27018:2019)

Technologies de l'information - Techniques de sécurité - Code de bonnes pratiques pour la protection des informations personnelles identifiables (PII) dans l'informatique en nuage public agissant comme processeur de PII (ISO/IEC 27018:2019)

Le présent document établit des objectifs de sécurité communément acceptés, des mesures de sécurité et des lignes directrices de mise en œuvre de mesures destinées à protéger les informations personnelles identifiables (PII) conformément aux principes de protection de la vie privée de l'ISO/IEC 29100 pour l'environnement informatique en nuage public.
En particulier, le présent document spécifie des lignes directrices dérivées de l'ISO/IEC 27002, en tenant compte des exigences réglementaires relatives à la protection des PII, qui peuvent être applicables dans le contexte du ou des environnements de risque liés à la sécurité de l'information d'un fournisseur de services en nuage public.
Le présent document s'applique aux organismes de tous types et de toutes tailles, y compris les sociétés publiques et privées, les entités gouvernementales et les organismes à but non lucratif, qui offrent des services de traitement de l'information en tant que processeurs de PII via l'informatique en nuage sous contrat auprès d'autres organismes.
Les lignes directrices du présent document peuvent également s'appliquer aux organismes agissant en tant que contrôleurs de PII. Cependant, les contrôleurs de PII peuvent être soumis à d'autres lois, réglementations et obligations en matière de protection des PII qui ne s'appliquent pas aux processeurs de PII. Le présent document n'a pas pour objet de couvrir des obligations supplémentaires.

Informacijska tehnologija - Varnostne tehnike - Pravila ravnanja za zaščito osebno prepoznavnih informacij (PII) v javnih oblakih, ki delujejo kot procesorji PII (ISO/IEC 27018:2019)

General Information

Status
Published
Public Enquiry End Date
31-Mar-2020
Publication Date
22-Jun-2020
ICS
35.030 - IT Security
35.210 - Cloud computing
Technical Committee
ITC - Information technology
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
18-Jun-2020
Due Date
23-Aug-2020
Completion Date
23-Jun-2020
Ref Project
EN ISO/IEC 27018:2020 - Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018:2019)

Buy Standard

EN ISO/IEC 27018:2020EN ISO/IEC 27018:2020
PreviousNext
Standard
EN ISO/IEC 27018:2020
English language
35 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
EN ISO/IEC 27018:2020EN ISO/IEC 27018:2020
PreviousNext
Standard
EN ISO/IEC 27018:2020
English language
35 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
prEN ISO/IEC 27018:2020prEN ISO/IEC 27018:2020
PreviousNext
Draft
prEN ISO/IEC 27018:2020
English language
32 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN ISO/IEC 27018:2020
01-september-2020
Informacijska tehnologija - Varnostne tehnike - Pravila ravnanja za zaščito osebno
prepoznavnih informacij (PII) v javnih oblakih, ki delujejo kot procesorji PII
(ISO/IEC 27018:2019)
Information technology - Security techniques - Code of practice for protection of
personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC
27018:2019)
Informationstechnik - Sicherheitsverfahren - Leitfaden zum Schutz personenbezogener
Daten (PII) in öffentlichen Cloud-Diensten als Auftragsdatenverarbeitung (ISO/IEC
27018:2019)
Technologies de l'information - Techniques de sécurité - Code de bonnes pratiques pour
la protection des informations personnelles identifiables (PII) dans l'informatique en
nuage public agissant comme processeur de PII (ISO/IEC 27018:2019)
Ta slovenski standard je istoveten z: EN ISO/IEC 27018:2020
ICS:
35.030 Informacijska varnost IT Security
SIST EN ISO/IEC 27018:2020 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO/IEC 27018:2020

---------------------- Page: 2 ----------------------
SIST EN ISO/IEC 27018:2020


EUROPEAN STANDARD
EN ISO/IEC 27018

NORME EUROPÉENNE

EUROPÄISCHE NORM
May 2020
ICS 35.030

English version

Information technology - Security techniques - Code of
practice for protection of personally identifiable
information (PII) in public clouds acting as PII processors
(ISO/IEC 27018:2019)
Technologies de l'information - Techniques de sécurité Informationstechnik - Sicherheitsverfahren - Leitfaden
- Code de bonnes pratiques pour la protection des zum Schutz personenbezogener Daten (PII) in
informations personnelles identifiables (PII) dans öffentlichen Cloud-Diensten als
l'informatique en nuage public agissant comme Auftragsdatenverarbeitung (ISO/IEC 27018:2019)
processeur de PII (ISO/IEC 27018:2019)
This European Standard was approved by CEN on 3 May 2020.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

















CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2020 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. EN ISO/IEC 27018:2020 E
reserved worldwide for CEN national Members and for
CENELEC Members.

---------------------- Page: 3 ----------------------
SIST EN ISO/IEC 27018:2020
EN ISO/IEC 27018:2020 (E)
Contents Page
European foreword . 3

2

---------------------- Page: 4 ----------------------
SIST EN ISO/IEC 27018:2020
EN ISO/IEC 27018:2020 (E)
European foreword
The text of ISO/IEC 27018:2019 has been prepared by Technical Committee ISO/IEC JTC 1 "Information
technology” of the International Organization for Standardization (ISO) and has been taken over as
EN ISO/IEC 27018:2020 by Technical Committee CEN/CLC/JTC 13 “Cybersecurity and Data Protection”
the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by November 2020, and conflicting national standards
shall be withdrawn at the latest by November 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark
...

SLOVENSKI STANDARD
SIST EN ISO/IEC 27018:2020
01-september-2020
Informacijska tehnologija - Varnostne tehnike - Pravila ravnanja za zaščito osebno
prepoznavnih informacij (PII) v javnih oblakih, ki delujejo kot procesorji PII
(ISO/IEC 27018:2019)
Information technology - Security techniques - Code of practice for protection of
personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC
27018:2019)
Informationstechnik - Sicherheitsverfahren - Leitfaden zum Schutz personenbezogener
Daten (PII) in öffentlichen Cloud-Diensten als Auftragsdatenverarbeitung (ISO/IEC
27018:2019)
Technologies de l'information - Techniques de sécurité - Code de bonnes pratiques pour
la protection des informations personnelles identifiables (PII) dans l'informatique en
nuage public agissant comme processeur de PII (ISO/IEC 27018:2019)
Ta slovenski standard je istoveten z: EN ISO/IEC 27018:2020
ICS:
35.030 Informacijska varnost IT Security
35.210 Računalništvo v oblaku Cloud computing
SIST EN ISO/IEC 27018:2020 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO/IEC 27018:2020

---------------------- Page: 2 ----------------------
SIST EN ISO/IEC 27018:2020


EUROPEAN STANDARD
EN ISO/IEC 27018

NORME EUROPÉENNE

EUROPÄISCHE NORM
May 2020
ICS 35.030

English version

Information technology - Security techniques - Code of
practice for protection of personally identifiable
information (PII) in public clouds acting as PII processors
(ISO/IEC 27018:2019)
Technologies de l'information - Techniques de sécurité Informationstechnik - Sicherheitsverfahren - Leitfaden
- Code de bonnes pratiques pour la protection des zum Schutz personenbezogener Daten (PII) in
informations personnelles identifiables (PII) dans öffentlichen Cloud-Diensten als
l'informatique en nuage public agissant comme Auftragsdatenverarbeitung (ISO/IEC 27018:2019)
processeur de PII (ISO/IEC 27018:2019)
This European Standard was approved by CEN on 3 May 2020.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

















CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2020 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. EN ISO/IEC 27018:2020 E
reserved worldwide for CEN national Members and for
CENELEC Members.

---------------------- Page: 3 ----------------------
SIST EN ISO/IEC 27018:2020
EN ISO/IEC 27018:2020 (E)
Contents Page
European foreword . 3

2

---------------------- Page: 4 ----------------------
SIST EN ISO/IEC 27018:2020
EN ISO/IEC 27018:2020 (E)
European foreword
The text of ISO/IEC 27018:2019 has been prepared by Technical Committee ISO/IEC JTC 1 "Information
technology” of the International Organization for Standardization (ISO) and has been taken over as
EN ISO/IEC 27018:2020 by Technical Committee CEN/CLC/JTC 13 “Cybersecurity and Data Protection”
the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by November 2020, and conflicting national standards
shall be withdrawn at the latest by November 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulga
...

SLOVENSKI STANDARD
oSIST prEN ISO/IEC 27018:2020
01-marec-2020
Informacijska tehnologija - Varnostne tehnike - Pravila ravnanja za zaščito osebno
prepoznavnih informacij (PII) v javnih oblakih, ki delujejo kot procesorji PII
(ISO/IEC 27018:2019)
Information technology - Security techniques - Code of practice for protection of
personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC
27018:2019)
Informationstechnik - Sicherheitsverfahren - Leitfaden zum Schutz personenbezogener
Daten (PII) in öffentlichen Cloud-Diensten als Auftragsdatenverarbeitung (ISO/IEC
27018:2019)
Technologies de l'information - Techniques de sécurité - Code de bonnes pratiques pour
la protection des informations personnelles identifiables (PII) dans l'informatique en
nuage public agissant comme processeur de PII (ISO/IEC 27018:2019)
Ta slovenski standard je istoveten z: prEN ISO/IEC 27018
ICS:
35.030 Informacijska varnost IT Security
oSIST prEN ISO/IEC 27018:2020 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN ISO/IEC 27018:2020

---------------------- Page: 2 ----------------------
oSIST prEN ISO/IEC 27018:2020
INTERNATIONAL ISO/IEC
STANDARD 27018
Second edition
2019-01
Information technology — Security
techniques — Code of practice for
protection of personally identifiable
information (PII) in public clouds
acting as PII processors
Technologies de l'information — Techniques de sécurité — Code de
bonnes pratiques pour la protection des informations personnelles
identifiables (PII) dans l'informatique en nuage public agissant
comme processeur de PII
Reference number
ISO/IEC 27018:2019(E)
©
ISO/IEC 2019

---------------------- Page: 3 ----------------------
oSIST prEN ISO/IEC 27018:2020
ISO/IEC 27018:2019(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2019 – All rights reserved

---------------------- Page: 4 ----------------------
oSIST prEN ISO/IEC 27018:2020
ISO/IEC 27018:2019(E)

Contents Page
Foreword .vi
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Overview . 3
4.1 Structure of this document . 3
4.2 Control categories . 4
5 Information security policies . 4
5.1 Management direction for information security . 4
5.1.1 Policies for information security.
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN ISO/IEC 27017:2021(Main)
Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services (ISO/IEC 27017:2015)
EN ISO/IEC 27017:2021

This Recommendation | International Standard gives guidelines for information security controls applicable to the
provision and use of cloud services by providing:
– additional implementation guidance for relevant controls specified in ISO/IEC 27002;
– additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service
providers and cloud service customers.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    41 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27017:2021(Main)
Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services (ISO/IEC 27017:2015)
EN ISO/IEC 27017:2021

This Recommendation | International Standard gives guidelines for information security controls applicable to the
provision and use of cloud services by providing:
– additional implementation guidance for relevant controls specified in ISO/IEC 27002;
– additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service
providers and cloud service customers.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    41 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP CEN/TR 17993:2023(Main)
Calibration and accuracy of non-catching precipitation measurement instruments
CEN/TR 17993:2023

Non-catching type gauges are the emerging class of in situ precipitation measurement instruments. For these instruments, rigorous testing and calibration are more challenging than for traditional gauges. Hydrometeors’ characteristics like particle size, shape, fall velocity and density need to be reproduced in a controlled environment to provide the reference precipitation, instead of the equivalent water flow used for catching-type gauges. They are generally calibrated by the manufacturers using internal procedures developed for the specific technology employed. No agreed methodology exists, and the adopted procedures are rarely traceable to internationally recognized standards. This document describes calibration and accuracy issues of non-catching instruments used for liquid/solid atmospheric precipitation measurement. An overview of the existing models of non-catching type instruments is included, together with an overview and a description of their working principles and the adopted calibration procedures. The literature and technical manuals disclosed by manufacturers are summarized and discussed, while current limitations and metrological requirements are identified.

  • Technical report
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 55016-2-3:2017/A2:2023(Amendment)
Specification for radio disturbance and immunity measuring apparatus and methods - Part 2-3: Methods of measurement of disturbances and immunity - Radiated disturbance measurements
EN 55016-2-3:2017/A2:2023
  • Amendment
    12 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 50700:2023(Main)
Information technology - Premises distribution access network (PDAN) cabling to support deployment of optical broadband networks
EN 50700:2023

This document specifies the optical fibre access network cabling within multi-subscriber premises termed the premises distribution access network (PDAN). The premises may comprise single or multiple buildings.
The cabling specified is intended to be pre-installed, in readiness for subsequent connection of the multi-subscriber premises to an access providers infrastructure to support deployment of optical broadband networks.
This document does not specify either the access network cabling external to the premises or the cabling within the subscriber space for onward distribution of services beyond the customer premises equipment.
This document specifies:
a)   the structure and configuration of the optical fibre cabling;
b)   cabling performance requirements;
c)   implementation options.
Safety practices in relation to optical power hazard are specified in EN 60825-2. Optical powers higher than the hazard levels specified in EN 60825-2 are not considered in this document.
Safety (electrical safety, fire, etc.) and electromagnetic compatibility (EMC) requirements are outside the scope of this document and are covered by other standards and regulations. However, information given in this document may be of assistance in meeting these standards and regulations.

  • Standard
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 24187:2023(Main)
Principles for the analysis of microplastics present in the environment (ISO 24187:2023)
EN ISO 24187:2023

Development of technical principles, which will be used across the board for future standardization
projects on testing methods for plastics and microplastics in various matrices (in particular water, soil,
compost, sewage sludge, biota). This includes the following::
- Description of necessary working conditions in the laboratory
- Description of necessary working conditions in the field
- safety instructions
- Proposals for harmonisation of size classes to be considered
- Proposals to harmonise the indication of results
- Notes on matrix-specific particularities with regard to the representativeness of the results

  • Standard
    29 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    28 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 12736-1:2023(Main)
Oil and gas industries including lower carbon energy - Wet thermal insulation systems for pipelines and subsea equipment - Part 1: Validation of materials and insulation systems (ISO 12736-1:2023)
EN ISO 12736-1:2023
  • Standard
    68 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    65 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 5211:2023(Main)
Industrial valves - Part-turn actuator attachments (ISO 5211:2023)
EN ISO 5211:2023

ISO 5211:2017 specifies requirements for the attachment of part-turn actuators, with or without gearboxes, to industrial valves.
The attachment of part-turn actuators to control valves in accordance with the requirements of this document is subject to an agreement between the supplier and the purchaser.
ISO 5211:2017 specifies:
- flange dimensions necessary for the attachment of part-turn actuators to industrial valves [see Figures 1 a) and 1 c)] or to intermediate supports [see Figures 1 b) and 1 d)];
- driving component dimensions of part-turn actuators necessary to attach them to the driven components;
- reference values for torques for interfaces and for couplings having the dimensions specified in this document.
The attachment of the intermediate support to the valve is out of the scope of this document.

  • Standard
    36 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    33 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 683-17:2023(Main)
Heat-treated steels, alloy steels and free-cutting steels - Part 17: Ball and roller bearing steels (ISO 683-17:2023)
EN ISO 683-17:2023

ISO 683-17:2014 specifies the technical delivery requirements for five groups of wrought ball and roller bearing steels: through-hardening bearing steels (steels with about 1 % C and 1 % to 2 % Cr), case-hardening bearing steels, induction-hardening bearing steels (unalloyed and alloyed), stainless bearing steels, and high-temperature bearing steels.

  • Standard
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    31 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 60:2023(Main)
Plastics - Determination of apparent density of material that can be poured from a specified funnel (ISO 60:2023)
EN ISO 60:2023

Specifies a method for the determination of the apparent density of a moulding powder or a granular material. The sample is pured through a specified funnel into a measuring cylinder of 100 cubiccentimeter capacity, the excess is removed with a straightedge and the mass of the contents is determinded by weighing. Expression of the apparent density in grams per millilitre.

  • Standard
    12 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    7 pages
    English language
    sale 10% off
    e-Library read for
    1 day