Workplace is now certified to the ISO/IEC 27018:2014 standard. Here's what that means for you and your organization.
Workplace takes your security seriously. In fact, every decision we make involves understanding how a new product or process could affect information privacy and security for our customers. And although Workplace already exceeds the industry standard for protecting your data, we know there's always more to do.
That's why we're pleased to announce that Workplace by Facebook is now certified to the ISO/IEC 27018:2014 security standard.
What is ISO 27018?
ISO 27018 is a privacy-focused international standard that builds on information security management systems. It establishes commonly accepted controls and guidelines to protect Personally Identifiable Information (PII) in public cloud computing environments.
Here's an overview of some of the key ISO 27018 requirements:
- Providing customers the ability to access, correct, and erase their PII
- Ensuring data processing for its intended purpose only
- Implementing defined disclosure procedures
- Providing open, transparent notice when cloud service providers use sub-contractors
- Encouraging accountability via breach notification procedures
- More stringent information security requirements for cloud service providers
What does this mean for you?
We achieved ISO 27001 accreditation in October 2017. This ensures the confidentiality, integrity, and availability of information that organizations control and process. ISO 27001 also applies a risk management process so organizations can manage risk.
With ISO 27018, we wanted to further improve how we align our security controls with the needs and expectations of customers.
All of which means that you now have more control over your PII and visibility on how we use it. The ISO 27018 certification also gives our customers more assurance about how we process their data according to the very highest industry standards.
By following the standards of ISO/IEC 27001 and the code of practice embodied in ISO/IEC 27018, Workplace demonstrates that our privacy policies and procedures are robust and in line with its high standards.
The audit process
Our audit for compliance with ISO/IEC 27018 was completed by an accredited third-party certification body. They provided independent validation that applicable security controls are in place and operating effectively. As part of this compliance verification process, the auditors validate that Workplace by Facebook has incorporated ISO/IEC 27018 controls for the protection of PII in Workplace.
And it's an ongoing process. We'll also have third-party reviews every year to remain certified.