标准摘要
[中文适用范围]: 本标准为作为个人信息(PII)处理者的公共云服务提供商提供了一套通用的信息安全控制措施。它旨在与ISO/IEC 27002结合使用,帮助云服务客户选择治理良好的云服务,协助双方达成合同协议,并为客户提供审计和合规机制。本标准特别关注公共云计算环境中PII保护的具体风险和要求。 [外文原描述]: This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, this document specifies guidelines based on ISO/IEC 27002:2022, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services. This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. The guidelines in this document can also be relevant to organizations acting as PII controllers.
英文名称Information security, cybersecurity and privacy protection - Guidelines for protection of personally identifiable information (PII) in public clouds acting as PII processors