ISO 27018
Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
| Control | Description |
|---|---|
| A 9.2 Retention period for administrative security policies and guidelines | Copies of security policies and operating procedures should be retained for a specified, documented period upon replacement (including updating). |
| A 9.3 The public cloud PII processor should have a policy in respect of the return, transfer, and/or disposal of PII and should make this policy available to the cloud service customer. | The public cloud PII processor should have a policy in respect of the return, transfer, and/or disposal of PII and should make this policy available to the cloud service customer. |
| A 10.3 Control and logging of data restoration | There should be a procedure for, and a log of, data restoration efforts. |
| A 10.4 Protecting data on storage media leaving the premises | PII on media leaving the organization's premises should be subject to an authorization procedure and should not be accessible to anyone other than authorized personnel (e.g., by encrypting the data concerned). |
| A 10.5 Use of unencrypted portable storage media and devices | Portable physical media and portable devices that do not permit encryption should not be used except where it is unavoidable, and any use of such portable media and devices should be documented. |
| A 10.6 Encryption of PII transmitted over public data-transmission networks | PII that is transmitted over public data-transmission networks should be encrypted prior to transmission. |
| A 10.8 Unique use of user IDs | If more than one individual has access to stored PII, then they should each have a distinct user ID for identification, authentication, and authorization purposes. |
| A 11.1 Geographical location of PII | The public cloud PII processor should specify and document the countries in which PII might possibly be stored. |
To View the Compliance Programs available visit Compliance in your Aqua CSPM Console, and select Defaults or Custom to filter the programs displayed, you can also expand the program control details using the Expand Settings toggle.
Did you find it helpful? Yes No
Send feedbackSorry we couldn't be helpful. Help us improve this article with your feedback.