Facebook announced last week that its Workplace enterprise solution is now certified to the ISO/IEC 27018:2014 standard.
The ISO/IEC 27018:2014 standard is a privacy-focused international standard that builds on information security management systems and “establishes commonly accepted controls and guidelines to protect Personally Identifiable Information (PII) in public cloud computing environments.” Well, that’s a mouthful, isn’t it? But what does it mean for you and your organisation – if your organisation uses Workplace, that is? Well, it means that Workplace “takes your security seriously”; as it should.
As Workplace’s Sandeep Nain explains in an announcement last week, the solution “already exceeds the industry standard for protecting your data,” but ISO 27018 goes a few steps further with the following requirements:
- It provides customers with the ability to access, correct, and erase their PII
- It ensures data is processed for its intended purpose only
- It implements defined disclosure procedures
- It provides open, transparent notice when cloud service providers use sub-contractors
- It encourages accountability via breach notification procedures
- It provides more stringent information security requirements for cloud service providers
Nain explains that ISO 27001 accreditation, which ensures “the confidentiality, integrity, and availability of information that organizations control and process,” was achieved over a year ago, but ISO 27018 goes further, improving how security controls are aligned “to match with the needs and expectations of customers.”
In plain English? Customers have more control over PII and more visibility into how it is used. The new certification also provides more assurance about how data is processed. And if you’re sceptical, you can rest assured that the audit process was completed by an accredited third-party certification body which will review the accreditation every single year to make sure it’s up to scratch.
You can find out more about Workplace’s security here.