ISO/IEC 27018 Protection of Personal Data in Cloud Computing

With our help, you will implement ISO/IEC 27018

  • Certificate with guaranteed certification
  • Fast implementation
  • Tailored to your company's needs
  • No unnecessary paperwork

Over 5,000 small, medium and large companies have trusted us over the past 25 years.

Request a free quote

Fill out the form or call us: 787 974 136 or 731 901 601.
Certificate guarantee

Implementation Methodology

Discover our implementation methodology, which guarantees successful certification.

ISO/IEC 27018 – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. The standard sets out controls for a cloud provider acting as a PII processor whose purpose is to ensure that:
  • The customer retains control over their data in the cloud
  • The customer knows what happens to their data in the cloud
  • The organisation ensures effective protection of data in the cloud
  • Customer data will not be used for advertising purposes
  • The organisation notifies customers of any legally binding request for disclosure of their data by a law enforcement or other public authority, unless such notification is itself prohibited by law
ISO/IEC 27018 implementation project
1 Audit
Defining the scope of the audit and identifying the key areas: data centre locations, organisational processes, applications, and the scope of personal data processing.
2 Implementation of security measures and control mechanisms in information security areas
At this stage, the information security documentation is updated to reflect the controls of ISO/IEC 27002, on which ISO/IEC 27018 builds. The following areas are verified:
  1. Information security policies
  2. Information security organisation
  3. Human resources security
  4. Asset management
  5. Access control
  6. Cryptography
  7. Physical and environmental security
  8. Operational security
  9. Communications security
  10. System acquisition, development and maintenance
  11. Relations with suppliers
  12. Information security incident management
  13. Information security aspects of business continuity management
  14. Compliance
These are the fourteen control clauses of ISO/IEC 27002:2013, the edition referenced by ISO/IEC 27018:2019. ISO/IEC 27002:2022 regroups the same controls into four themes (organisational, people, physical and technological), so an implementation built against the current edition of ISO/IEC 27002 should map the areas above accordingly.
3 Implementation of security measures from Annex A of ISO/IEC 27018
During this phase, procedures and policies are developed and implemented to cover the extended control set of Annex A, which is organised according to the privacy principles of ISO/IEC 29100:
  • A.1 Consent and choice
  • A.2 Purpose legitimacy and specification
  • A.3 Collection limitation
  • A.4 Data minimisation
  • A.5 Use, retention and disclosure limitation
  • A.6 Accuracy and quality
  • A.7 Openness, transparency and notice
  • A.8 Individual participation and access
  • A.9 Accountability
  • A.10 Information security
  • A.11 Privacy compliance
4 Conducting training on ISO/IEC 27018
During this phase, staff training is delivered covering:
  • the context, purpose and scope of ISO/IEC 27018
  • the structure of the ISO/IEC 27018 standard
  • implementation of security measures under ISO/IEC 27018 and integration with ISO/IEC 27001
  • typical information security risks relating to personal data processed in the cloud
5 System review
We conduct internal audits and assist in defining information security objectives and in carrying out the management review.
6 Advisory Support
We help select a certification body and support you during the certification audit.

What We Provide to Our Clients

  • Guarantee of obtaining certification
  • Development of all procedures and instructions
  • Fast and efficient implementation
  • Training confirmed with certificates

Information about ISO 27018

Who is it for?

The ISO 27018 standard – built on the controls of ISO 27002 and intended to supplement an ISO 27001 information security management system – is aimed at all companies and organisations (regardless of sector, size or legal form) that provide cloud services and thereby process their customers' personal data as PII processors. These may include:

  • private enterprises (ranging from sole traders to large telecommunications companies),
  • public institutions (e.g. schools, healthcare facilities, municipal theatres),
  • government administrative bodies (e.g. district authorities, statistical offices),
  • non-profit organisations (foundations, associations, trade unions).

ISO 27018 may also be relevant to organisations acting as PII controllers (the cloud customers themselves) and to institutions responsible for supervising personal data protection. Such organisations are usually subject to additional regulations.

ISO 27018 is not a standalone management-system standard: certification bodies assess it as an extension of an ISO 27001 audit, so only an entity whose information security management system has been confirmed compliant with ISO 27001 may obtain ISO 27018 certification. It is also possible to implement and certify both standards in a single project.

Information about the standard

The ISO 27018 standard (formally ISO/IEC 27018, as it is published jointly by ISO and the International Electrotechnical Commission; the current edition is ISO/IEC 27018:2019) is an international code of practice for protecting personal data in public cloud computing. Guidelines in this area became necessary as organisations increasingly adopted cloud services in order to reduce expenditure on their own servers and licensed security solutions. Processing and storing information in the cloud is often less expensive, and it allows greater operational flexibility thanks to remote and mobile access to the company's digital resources. At the same time, because the data is processed on infrastructure the customer does not control, it increases the risk of unauthorised access to customer data.

The aim of implementing ISO 27018 is to identify and reduce the risks associated with processing personal data in a public cloud environment. Adherence to such a standard has become an expectation of cloud customers, without which it is difficult to build their trust. Customers must, among other things, be assured that:

  • their data will not be used for any purposes other than those for which they have given their consent,
  • they will have access to their own data at any time and the ability to correct or delete it,
  • their data will be disclosed to third parties (e.g. service subcontractors) only to the extent necessary,
  • they will be notified of security breaches affecting their data and, where legally permitted, of requests by public authorities for its disclosure.

These objectives are achieved through the controls set out in ISO 27018.

Benefits of implementation

Introducing the controls set out in ISO 27018 into your business primarily makes it possible to verify the security of data stored in the cloud and to minimise the risks associated with its processing. Obtaining ISO 27018 certification also brings other benefits:

  • it increases the level of trust among potential and existing customers, and thus their interest in the services provided,
  • it provides a competitive advantage, as it allows the organisation to stand out from those that have not chosen to implement the ISO 27018 standard,
  • it enhances the company's credibility on the international stage and creates opportunities to establish cooperation with entities required to comply with the ISO 27018 standard.

Testimonials

See what our clients say about our implementations

Philips
"PHILIPS POLSKA SP. Z O.O., headquartered in Warsaw, is pleased to recommend the consulting services provided by DJB Doradztwo Marcin Chorąży.

The work carried out by DJB Doradztwo fully met our quality expectations. It was individually tailored to the needs and specific nature of our organization, as well as to the expectations we had defined. The consultant assigned to the project demonstrated the appropriate competencies and extensive knowledge of the ISO 9001:2015 standard, and was always available to offer help and advice whenever needed."
PHILIPS POLSKA SP. Z O.O.
Wojewódzki Specjalistyczny Szpital im. M. Pirogowa w Łodzi
On behalf of the Wojewódzki Specjalistyczny Szpital im. Pirogowa, I recommend DJB Doradztwo Marcin Chorąży as a firm that prepares organizations for the implementation of a Quality Management System in accordance with the requirements of the ISO 9001:2015 standard. We began our cooperation with DJB Doradztwo in 2017 and continue it to this day. The scope of our collaboration focused on issues related to the implementation of the system. The consultant working with our hospital demonstrated extensive subject matter expertise and conveyed a great deal of valuable information regarding the requirements of the standards, their application, and the principles of conducting the internal audit process in an accessible and engaging manner. In our opinion, DJB Doradztwo Marcin Chorąży is a reliable and highly recommended contractor for the implementation of the ISO 9001:2015 system.
Roman Bocian, MD, PhD, Director of the M. Pirogow W.S.S.
CONTROL SYSTEM FMN Sp. z o.o. collaborated with DJB Doradztwo on the comprehensive adaptation of the ISO 9001:2009 system to the requirements of the new ISO 9001:2015 standard. DJB Doradztwo undertook to perform all necessary activities to enable our company to obtain the ISO 9001:2015 certificate, in particular: The employees of DJB Doradztwo performed their tasks in a professional manner. The company is characterised by timeliness and flexibility in problem-solving, as well as respect for the Client's interests.
Bożena Zawalska, Director
Urząd Lotnictwa Cywilnego is delighted to recommend the services of DJB Doradztwo Marcin Chorąży in the area of implementing the new ISO 9001:2015 quality management system standard. All of the consultant's activities were tailored to our specific needs and expectations. The consultant demonstrated extensive knowledge of the ISO 9001:2015 standard, which enabled him to suggest many valuable solutions. The documentation was prepared with care and precision. The training sessions conducted as part of the implementation were engaging and allowed us to gain a deeper understanding of the requirements of the new ISO 9001:2015 standard.
Magdalena Kapuśniak, Director of the CEO's Office