Trusted cloud services provider has also achieved re-certification to ISO9001 and ISO27001, and has transitioned to the ISO27001:2013 standard
London – May 19, 2015 – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave cloud services company, today announced that it has achieved a re-certification against Quality Management System standard ISO9001:2008 and the updated ISO27001:2013 global Information Security Management System standard, and has also adopted and committed to the additional controls within the recently released ISO27018:2014 standard.
“The increasing adoption of cloud services has given rise to valid customer concerns about where their personal data is processed and stored, and how it is being properly protected,” said John Godwin, Head of Compliance and Information Assurance, at Skyscape Cloud Services. “ISO27018 introduces a more detailed approach to addressing these data privacy concerns, and supplements the 114 controls which are already offered within the ISO27001 information security management system standard.”
ISO27018 provides an approach to addressing data privacy concerns around Personally Identifiable Information (PII) within public cloud services, using an extended framework of PII focused controls which supplement those already present within ISO27001:2013.
The extended control set addresses the geographic location of PII, requirements for effective procedures for disclosure recording and breach reporting, and controls for the management of sub-contracted parties which may be involved in PII processing.
Other ISO27018 controls highlight the need for robust contractual activities for cloud services, reinforce the need for appropriate encryption of PII within cloud services and he require acceptable methods of secure PII data deletion as soon as it is no longer needed.
Godwin continued: “Skyscape’s adoption of ISO27018 demonstrates our acknowledgement of these concerns, and confirms our ongoing commitment to providing the highest possible levels of security for our UK-based public sector cloud services. We anticipate that the adoption of ISO27018 will soon become a benchmark for assessing the security of Cloud Service Providers, and expect that cloud customers will be seeking the additional assurance that the implementation of controls from the ISO27018 standard will provide to their Personally Identifiable Information.”
Skyscape’s Information Security Management System has already incorporated the extended control set from ISO27018, ensuring that specific risks associated with PII in the cloud have been properly understood, assessed and managed. Until a standalone certification for ISO27018 is made available, Skyscape will demonstrate compliance through its existing ISO27001 verification and audit activities.