Cloud storage provider Dropbox said it has adopted ISO 27018, among the first international standards focusing on the protection of personal data in the public cloud.
The standard, published in August 2014, is aimed at clarifying the roles of data controllers and data processors in keeping Personally Identifiable Information (PII) private and secure in public cloud environments; it builds on other information security standards within the ISO 27000 family, and specifically, is an enhancement to the 27001 standard.
ISO 27018 also broadly requires adopting cloud providers to be more transparent about what they do with customer data and where they host it.
In a statement the company said the move would give users more confidence in its platform, particularly enterprise users.
“We’re pleased to be one of the first companies to achieve ISO 27018 certification. Privacy and data protection regulations and norms vary around the world, and we’re confident this certification will help our customers meet their global compliance needs,” it said.
Mark van der Linden, Dropbox country manager for the UK said: “Businesses in the UK and all over the world are trusting Dropbox to make collaboration easier and boost productivity. Our ISO 27018 accreditation shows we put users in control of their data, we are transparent about where we store it, and we operate to the highest standards of security.
Earlier this year Microsoft certified Azure, Intune, Office 365 and Dynamics CRM Online under the new ISO standard. At the time the company also said it was hopeful certifying under the standard would make it easier to satisfy compliance requirements, which can be trickier in some verticals than others.