UKCloud, formerly Skyscape Cloud Services Limited, has announced that it has achieved certification against the ISO27018 information security standard for the protection of personally identifiable information (PII) in public clouds, becoming the first UK company to be awarded this status by the certification body LRQA.
The recently introduced ISO27018 augments the existing ISO27002 standard’s control set with a specific focus on cloud privacy and the protection of personal data. Some of the ISO27018-specific controls include the disclosure of the geographic location of personal data, processes for the notification of data disclosures and data breaches, requirements to disclose details of sub-contracted processing activities, and regulations related to a customer’s right to access and delete personal data.
John Godwin, Director of Compliance and Information Assurance at UKCloud, said, “Public sector organisations with considerable data protection responsibilities understandably have significant concerns when it comes to how their information is processed, stored and protected. ISO27018 delivers a more comprehensive framework of controls when it comes to the protection of personally identifiable data in the cloud; our certification means our customer base, which is exclusively comprised of public sector organisations, can be assured that their data is in safe hands.”
ISO27018 aligns with many of the requirements of the EU General Data Protection Regulation (EU GDPR), the new data protection legislation being introduced in May 2018, and is expected to become an established method of assessing compliance against the new Regulation for cloud service providers.
John added, “We’re pleased to be leading the way as the first UK company to have achieved certification against ISO27018. As an early adopter of the standard, we are once again demonstrating our continued commitment to delivering agile services with the highest possible levels of security assurance.”
UKCloud has also announced that it has re-certified against the ISO20000 standard for IT Service Management for a further three years.