We are pleased to announce that we have been granted certifications for ISO 27017 and ISO 27018, globally respected information security standards developed by the International Organization for Standardization (ISO). AMPECO was previously awarded the ISO 27001 certification in 2021. These two additional certifications highlight the company’s ongoing commitment to providing its customers with the gold standard in data security and privacy.
What are the ISO 27017 and ISO 27018 standards?
ISO 27017 and ISO 27018 are international standards for protecting personal data in the cloud. Both standards are part of the ISO 27000 series of standards that relate to information security management. They are designed to help ensure the confidentiality, integrity, and availability of personal data stored in the cloud and to protect against unauthorized access or tampering with that data. The main difference between the two standards is their focus. ISO 27017 provides general guidance on the protection of personally identifiable information (PII) in the cloud, while ISO 27018 provides specific guidance on the protection of PII in the context of public cloud services.
ISO/IEC 27017:2015 provides guidelines for protecting PII in public clouds and covers cloud-specific information security threats, security controls, risk assessments, and incident management.
ISO/IEC 27018:2019 provides guidance on implementing measures to protect PII in the cloud, specifically regarding public cloud services. It covers topics such as data protection, data processing, and data handling.
How AMPECO ensures data security and privacy
A rigorous audit, involving a review of AMPECO’s policies, procedures, and practices as well as an assessment of the physical and technical controls in place, was conducted to ensure that our information security management system (ISMS) meets the requirements of both standards. These certifications reflect AMPECO’s ability to uphold the highest cybersecurity standards and its ongoing commitment to providing the best protection. Here are some specific ways AMPECO’s ISO 27017 and ISO 27018 certifications ensure the security and privacy of personal data in our EV charging platform:
1. Data protection: The standards provide guidance on how to protect personal data in the cloud, such as customer names, billing addresses, and payment information, including through the use of encryption and other security controls.
2. Data processing: The standards outline requirements for how personal data should be processed and handled in the cloud with regard to access controls and data minimization, a privacy principle that involves collecting, using, and retaining only the personal data that is necessary to achieve a specific purpose.
3. Risk assessment: AMPECO conducts regular risk assessments and vulnerability tests to identify potential threats to personal data in the cloud. These assessments ensure we can address any weaknesses in our systems and processes that could potentially be exploited.
4. Incident management: To respond to and manage incidents that could compromise the security and privacy of personal data in the cloud, AMPECO has a business continuity plan (BCP) in place for the continuation of critical business processes in the event of a disruption. It includes strategies for maintaining or quickly recovering essential functions and for protecting personal data.
AMPECO’s ISO compliance in the broader landscape of data security and privacy
Protecting our customers’ information and their users’ privacy is of primary importance to us. As AMPECO offers a cloud-based EV charging management platform, we recognize that customers are increasingly seeking assurance that we meet cloud security and data privacy requirements. With the addition of ISO 27017 and ISO 27018 certifications, we provide additional protection for personal data in the cloud and ensure we have the appropriate processes in place to maintain the security of sensitive data, prevent unauthorized access and reduce the security risk for our customers.