By clicking the SUBMIT button, I’m providing the above information to Vretta for the purpose of responding to my request.
CONTACTlogo
twitterfacebookfacebook instagram

ISO/IEC 27018 Certification

1. Commitment

Vretta prioritizes protecting personal data in cloud environments by adhering to the highest privacy and information security standards. Our commitment to achieving and maintaining ISO/IEC 27018 certification reflects our dedication to implementing safeguards that ensure the privacy of personally identifiable information (PII) processed in public cloud services.

ISO/IEC 27018 is an international standard that provides guidelines based on ISO/IEC 27002 and is tailored to protect PII in cloud computing. It establishes controls and best practices for cloud service providers acting as PII processors, helping them align with privacy principles and regulatory obligations. Vretta has successfully obtained ISO/IEC 27018 certification, demonstrating our responsibility in handling cloud-based personal data with integrity and transparency.

Ensuring Compliance with ISO/IEC 27018 Certification:

  • PII Protection Policies Implementing policies that address cloud-specific risks to personal data.
  • Consent and Purpose Limitation: Ensuring data is processed only for explicitly defined purposes with valid consent.
  • Transparency and Accountability: Informing clients of data handling procedures and responsibilities.
  • Breach Notification: Maintaining procedures to detect, respond to, and notify stakeholders in the event of data breaches.
  • Data Subject Rights: Enabling PII access, correction, and deletion upon legitimate request.

2. Maintaining ISO/IEC 27018 Certification

To uphold our ISO/IEC 27018 certification, Vretta integrates privacy-by-design principles into our cloud service development and delivery. This includes periodic internal reviews, external audits, updates to privacy controls, and continuous staff training on PII protection responsibilities.

Our privacy framework under ISO/IEC 27018 is closely integrated with our ISMS, ensuring that privacy controls are effectively embedded across operations. Vretta's approach includes:

  • Privacy impact assessments for new services.
  • Encryption and access management for PII.
  • Clear cloud provider/customer role definitions.
  • Continuous monitoring and auditing of PII processing activities.

3. Client Assurance and Regulatory Compliance

Achieving ISO/IEC 27018 certification strengthens Vretta's ability to provide trusted cloud services that meet regulatory expectations and client requirements. This Certification assures our partners that Vretta:

  • Processes personal data in accordance with global privacy best practices.
  • Maintains accountability and transparency across cloud PII handling.
  • Enhances compliance with frameworks like GDPR and other data protection laws.
  • Protects the privacy rights of data subjects through robust and auditable controls.

4. ISO/IEC 27018 Certification Milestones

Vretta is dedicated to maintaining and renewing its ISO/IEC 27018 certification to ensure continued privacy protection in the cloud. Each certification milestone reflects our proactive approach to improving cloud-based personal data management. The following table outlines the timeline of our certification renewals:

Certification MilestoneIssue Date
Initial Report: ISO 27018: 2019Mach 20, 2025

5. Contact

To learn more about how Vretta is maintaining the security and integrity of our solutions, email info@vretta.com.