ISO/IEC 27018:2017 and its benefits
The standard ISO/IEC 27018:2017 also covers information security for cloud providers and thus builds on the standard 27017:2017. The standard sets out processes for the protection of personal data when processed in a shared computing environment.
It’s not just a necessary formality
ISO 27018:2017, like 27017:2017, is intended for cloud service providers, but focuses on processes related to the protection of personal data in shared and hosted computing environments.
As a contracted cloud service provider and personal data processor, we ensure a professional level of customer data security. Our internal processes and the technological maturity of the service support compliance with GDPR and cybersecurity regulations. We ensure the protection of personal data contractually in our Data Protection Agreement. As a result, our customers are able to demonstrate to their own customers and to public authorities that their processing of personal data is compliant.
Computing infrastructure security
We try to achieve physical security of data and stability of operation in two ways: through high availability (redundancy) and through high-quality security. We achieve both through a combination of physical and software measures that we apply to the design, operation and administration of physical and virtual computing infrastructure.
Thanks to virtualization and advanced backup technologies, we are able to guarantee constant control, high availability, recoverability, portability and guaranteed deletion of data. In accordance with GDPR requirements, we have also ensured complete contractual confirmation of compliance of all processes with our suppliers.
Data processed in the cloud can be encrypted on the customer's side, and at the level of the disk arrays it can be stored randomly in data blocks or objects, according to the selected storage type. This reduces the risk of possible misuse. It is also possible to set different policies for data access and retention.
At the same time, we allow customers to decide, and to have an overview of, which data centre and which country their data is stored in, which is often not even possible with foreign competitors. Customer trust is everything to us. It is therefore unthinkable that we would further monetize our customers' data, e.g. by selling it to a third party or by data analysis, as is often the case in other IT sectors.