Workplace By Facebook Is Now Certified To ISO 27018 Security Standard

25shares

Facebook announced last week that its Workplace enterprise solution is now certified to the ISO/IEC 27018:2014 standard.

The ISO/IEC 27018:2014 standard is a privacy-focused international standard that builds on information security management systems and “establishes commonly accepted controls and guidelines to protect Personally Identifiable Information (PII) in public cloud computing environments.” Well, that’s a mouthful, isn’t it? But what does it mean for you and your organisation – if your organisation uses Workplace, that is? Well, it means that Workplace “takes your security seriously”; as it should.

Workplace already exceeds the industry standard for protecting personal data, but its new ISO 27018 certification goes a few steps further with new requirements.

Click To Tweet

As Workplace’s Sandeep Nain explains in an announcement last week, the solution “already exceeds the industry standard for protecting your data,” but ISO 27018 goes a few steps further with the following requirements:

It provides customers with the ability to access, correct, and erase their PII
It ensured data processing for its intended purpose only
It implements defined disclosure procedures
It provides open, transparent notice when cloud service providers use sub-contractors
It encourages accountability via breach notification procedures
It provides more stringent information security requirements for cloud service providers

Nain explains that ISO 27001 accreditation, which ensures “the confidentiality, integrity, and availability of information that organizations control and process” was achieved over a year ago, but ISO 27018 goes further, improving how security controls are aligned “to match with the needs and expectations of customers.”

Although Workplace by Facebook achieved ISO 27001 accreditation last year, the enterprise solution has now been certified to ISO/IEC 27018:2014.

Click To Tweet

In plain English? Customers have more control over PII and visibility on how it is used. The new certification also provides more assurance about how data is processed. And if you’re sceptical, you can rest assured that the audit process was completed by an accredited third-party certification body which will review the accreditation every single year to make sure it’s up to scratch.

You can find out more about Workplace’s security here.