GlobalSuite® allows an effective implementation of the ISO 27018 standard by being fully adapted to the requirements demanded by the standard, not only for companies that are certified in ISO 27001, but also for those that decide to address the implementation of both standards.
Our software
Discover our software for protecting private information in the cloud
Features
Risk Identification
Guidance of services and processes through asset inventory. Configuration of dimensions and valuation levels.
Risk Management
Catalogue of configurable controls and summary of them, management settings, risk reassessment, parameterizable questionnaires.
Risk Analysis
Parameterization of probability and impact, risk assessment, cost analysis, asset threats and configurable.
Risk Assessment
Definition of acceptable risk, acceptable risk levels, risk listing, risk map, simultaneous or dependent risks.
ISMS processes
It allows you to manage the proposal of indicators, Differential Analysis, Declaration of Applicability, capacity management, management of changes and acquisitions, etc.
Continuity, Capacity and Training Plans
It allows you to track a history of each plan and assign metrics for tracking.
Integration with Power BI
Make the most of GlobalSuite® data by building an executive dashboard in a Business Intelligence tool such as Power BI.
Documentary Manager
It allows the control of all the documentation, in different formats, so that it serves as support in the management of the continuity of the company.
Balanced Scorecard
The comprehensive dashboard enables the management and strategic control of the organization through different metrics and indicators.
Do you know how you need to extend the requirements of ISO 27001 and ISO 27002 to take cloud privacy protection into account?
ISO/IEC 27018 provides a good practice basis for the protection of personally identifiable information (PII) in the cloud for organizations that act as processors of this information. In broad terms, ISO/IEC 27018 aims to identify precisely how the provider manages the personal data of the interested parties and establishes the necessary procedures for any request or access to them, thus offering customers complete transparency in this regard.
Based on the security controls set out in Annex A to ISO 27001 or the ISO 27002 Code of Good Practice, the standard adds security requirements for Personally Identifiable Information (PII) on specific controls. In this sense, out of the 114 controls proposed by the information security standard, ISO 27018 establishes additional requirements on 15 controls, distributed among the following clauses:
- Domain 5: Information Security Policies
- Domain 6: Information Security Organization
- Domain 7: Human Resources Security
- Domain 9: Access Control
- Domain 10: Cryptography
- Domain 11: Physical and environmental security
- Domain 12: Operations security
- Domain 13: Communications security
- Domain 16: Incident Management
- Domain 18: Compliance
The standard defines 8 specific information privacy principles or controls, applicable to the cloud data manager, and how to implement them, which together form a set of requirements for PII protection. The principles on which it is based are the following:
- Consent and choice
- Purpose legitimacy and specification
- Data minimisation
- Limit of use, retention and disclosure
- Openness, transparency and notification
- Responsibility
- Information Security
- Privacy compliance
- It provides confidence in the protection of information from customers and stakeholders, protecting the image of the organization from access or data breach.
- It allows you to identify the risks to which information (PII) is exposed, establishing controls for mitigation.
- Differentiation from competitors in the same sector, providing protection to information under an international standard.
- Protection against fines, providing a management system that protects the information of interested parties.