ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your organization is a multinational SaaS provider that stores and processes EU customers' data in several public cloud regions. During a privacy audit, the assessor asks which internationally recognized standard you follow to prove that you have implemented specific controls for protecting personally identifiable information (PII) as a public cloud service provider acting as a data processor. Which standard should you reference to best satisfy this requirement?
ISO/IEC 27701 - Privacy Information Management System (PIMS) requirements and guidance
ISO/IEC 20000-1 - Service management system requirements
ISO/IEC 27018 - Code of practice for protection of PII in public clouds acting as PII processors
ISO/IEC 27017 - Information security controls for cloud services
ISO/IEC 27018 is the first international code of practice focused on protection of personally identifiable information (PII) in public cloud computing environments where the cloud service provider acts as a PII processor. It augments the ISO/IEC 27002 controls with privacy-specific guidance such as data subject consent, transparency, data minimization, and accountability-precisely the evidence an EU privacy auditor seeks.
ISO/IEC 27701 extends ISO/IEC 27001 to create a broader Privacy Information Management System but is not limited to cloud processors.
ISO/IEC 27017 provides generic information security controls for cloud services without the PII-specific focus.
ISO/IEC 20000-1 addresses IT service management, not privacy requirements. Therefore, ISO/IEC 27018 is the most appropriate standard to reference.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is ISO/IEC 27018?
Open an interactive chat with Bash
How is ISO/IEC 27018 different from ISO/IEC 27701?
Open an interactive chat with Bash
Why is ISO/IEC 27018 particularly important for compliance with EU privacy laws like GDPR?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Legal, Risk and Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .