<p class="MsoBodyText"><span lang="EN-GB">This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.</span></p>
<p class="MsoBodyText"><span lang="EN-GB">In particular, this document specifies guidelines based on ISO/IEC 27002:2022, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.</span></p>
<p class="MsoBodyText"><span lang="EN-GB">This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.</span></p>
<p class="MsoBodyText"><span lang="EN-GB">The guidelines in this document can also be relevant to organizations acting as PII controllers.</span></p>
Registration number (WIID)
88150
Scope
<p class="MsoBodyText"><span lang="EN-GB">This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.</span></p>
<p class="MsoBodyText"><span lang="EN-GB">In particular, this document specifies guidelines based on ISO/IEC 27002:2022, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.</span></p>
<p class="MsoBodyText"><span lang="EN-GB">This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.</span></p>
<p class="MsoBodyText"><span lang="EN-GB">The guidelines in this document can also be relevant to organizations acting as PII controllers.</span></p>
