ISO/IEC 27018:2019
ISO/IEC 27018:2019 Code of practice for PII protection in public clouds acting as PII processors.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (1)
PII Processor
| Code | Title |
|---|---|
| A.1.1 | Consent and choice |
| A.10.1 | Information security |
| A.10.10 | User ID management |
| A.10.11 | Contract measures |
| A.10.12 | Sub-contracted PII processing |
| A.10.13 | Access to data on pre-used data-storage space |
| A.10.2 | Confidentiality obligations of personnel |
| A.10.3 | Restriction of creation of hardcopy material |
| A.10.4 | Control and logging of data restoration |
| A.10.5 | Protection of data on storage media leaving premises |
| A.10.6 | PII transmission |
| A.10.7 | Disclosure of PII |
| A.10.8 | Unique use of user IDs |
| A.10.9 | Records of authorized users |
| A.11.1 | Geographical location of PII |
| A.11.2 | Intended destination of PII |
| A.11.3 | Disposal of PII |
| A.11.4 | Temporary files |
| A.11.5 | PII transmission |
| A.12.1 | Notification of a data breach |
| A.12.2 | Return, transfer and disposal of PII |
| A.12.3 | Periodic audits and reviews |
| A.2.1 | Purpose legitimacy and specification |
| A.2.2 | AI policy |
| A.3.1 | Collection limitation |
| A.4.1 | Data minimization |
| A.5.1 | Use, retention and disclosure limitation |
| A.5.2 | AI system impact assessment process |
| A.6.1 | Accuracy and quality |
| A.7.1 | Openness, transparency and notice |
| A.8.1 | Individual participation and access |
| A.9.1 | Accountability |
Your Compliance Coverage
If you comply with ISO/IEC 27018:2019, you already cover:
ISO 27701:2019
19%
6 controls mapped
Compare →ASEAN Guide on AI Governance and Ethics
6%
2 controls mapped
Compare →CCSDS 350.0-G-3 - Space Communications Security (Consultative Committee for Space Data Systems)
3%
1 controls mapped
Compare →+ 16 more: ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories (3%), ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence (3%)
See all 19 mapped frameworks ↓Maps to 19 other frameworks
Frequently Asked Questions
What is ISO/IEC 27018:2019?
ISO/IEC 27018:2019 is a compliance framework from International with 1 domains and 32 controls. ISO/IEC 27018:2019 Code of practice for PII protection in public clouds acting as PII processors. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does ISO/IEC 27018:2019 have?
ISO/IEC 27018:2019 has 32 controls organised across 1 domains. The largest domains are PII Processor (32 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does ISO/IEC 27018:2019 map to?
ISO/IEC 27018:2019 maps to 19 other compliance frameworks. The top mapping partners are ISO 27701:2019 (19% coverage), ASEAN Guide on AI Governance and Ethics (6% coverage), CCSDS 350.0-G-3 - Space Communications Security (Consultative Committee for Space Data Systems) (3% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with ISO/IEC 27018:2019 compliance?
Start your ISO/IEC 27018:2019 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO/IEC 27018:2019 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 32 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required