Wednesday, February 1, 2017

Google Apps for Work adopts ISO 27018 cloud privacy standard


Nearly a decade ago, we launched Google Apps as an innovative new way for you to collaborate online. Since then, we’ve introduced security innovations like encryption by default, two-step verification, security keys and a security checkup to protect your data. These features underscore our commitment to data protection as outlined in our Google Apps data processing amendment.

Today, we’re furthering our commitment to protect your data by adding the new ISO/IEC 27018:2014 privacy standard to our compliance framework. The new standard provides guidance for cloud providers on protecting the personally identifiable information of their customers and their customers’ users.

Ernst & Young, an independent auditor, has verified that our privacy practices and contractual commitments for Google Apps for Work and Google Apps for Education comply with ISO/IEC 27018:2014. For example:

  • We do not use your data for advertising
  • The data that you entrust with us remains yours
  • We provide you with tools to delete and export your data
  • We protect your information from third-party requests
  • We are transparent about where your data is stored

We continuously work with independent auditors to verify our data protection commitments. For example, over the years we’ve completed third-party SOC2 / SOC3 security audits and achieved ISO 27001 certification to provide transparency and accountability around our security procedures.

The 27018 audit also validates that our Google Apps data protection commitments meet a rigorous international privacy and data protection standard. We think that this a great step forward for both our customers and for the industry. While laws and regulations vary from country to country, the principles set forth in the standard are widely recognized.

Related Posts by Categories

0 comments:

Post a Comment