
ISO/IEC 27018:2025

ISO/IEC 27018:2025 Information security, cybersecurity and privacy protection — Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO/IEC 27018:2025 is the international standard for managing personally identifiable information (PII) in public cloud services. It gives cloud service providers a framework for ensuring privacy, security, and compliance when they process customer data on behalf of a PII controller.

Overview

ISO/IEC 27018:2025 extends the ISO/IEC 27002 controls to address the specific risks of cloud computing, focusing on the protection of PII handled by cloud service providers acting as data processors. Its purpose is to establish clear guidelines for transparency, accountability, and privacy by design, so that organizations meet both regulatory obligations and customer expectations. The standard helps providers document control objectives, justify any exclusions, and demonstrate compliance with international privacy principles.

This standard is relevant to public cloud providers, enterprises, and government agencies that rely on cloud infrastructure to process sensitive personal data. It applies across industries such as healthcare, finance, and critical infrastructure, where secure handling of PII is essential. The 2025 edition aligns with ISO/IEC 27002:2022 and introduces updated implementation guidance, including a new annex for extended best practices. By adopting ISO/IEC 27018:2025, organizations can strengthen trust, reduce risk exposure, and enhance resilience in cloud-based data processing.

Related in Cybersecurity

Cybersecurity · Standard

ISM CCM — Information Security Manual Cloud Controls Matrix Template

The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.

Australian Government • Australia • Version: June 2026

Cybersecurity · Regulation

ISM SSP — Information Security Manual System Security Plan Annex Template

The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.

Australian Government • Australia • Version: June 2026

Cybersecurity · Regulation

RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability

The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.

Australian Government • Australia • Version: June 2026

Cybersecurity · Regulation

ISM — Information Security Manual

The Australian ISM is the nationally recognized cybersecurity framework developed by the Australian Signals Directorate. It provides organizations with structured guidance to safeguard information and operational technology systems against evolving cyber threats.

Australian Government • Australia • Version: June 2026