HONG KONG--(BUSINESS WIRE)--Ribose has achieved certification to ISO/IEC 27018, an international standard recently published by the International Standards Organization (ISO) that provides a code of practice for the protection of personally identifiable information (PII) in public clouds for PII processors.
Created as an extension of the ISO/IEC 27001 standard for information security management systems, ISO/IEC 27018 describes commonly accepted control objectives, controls and guidelines to ensure that PII data is adequately protected when processed by a cloud PII processor, providing a common compliance framework for CSPs operating in multinational markets. Based on the eleven privacy principles contained in ISO/IEC 29100, ISO/IEC 27018 specifies how to apply them within the ISMS framework for privacy protection in the cloud.
This certification means that data managed by Ribose will never be sold to a third-party for advertising, nor subcontracted to parties they may breach the integrity of users’ data. This also means that users retain full control of their data stored on Ribose, and that the company is transparent about where users’ data resides and how it is processed.
“The ISO/IEC JTC 1 SC 27 committee creates and manages the ISO/IEC 27001 family of standards, which includes ISO/IEC 27018 – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. In 2014, ISO/IEC published the 1st Edition of ISO/IEC 27018 which provides control guidelines in support of an information security management system as stipulated in ISO/IEC 27001. Ribose has extended considerable effort towards advancing protection of privacy in the cloud, as recognized through its successful completion of a formal review process in 2015, and is to be commended for all their efforts,” said Dale Johnstone, Vice-Convener of ISO/IEC JTC1 SC 27 / WG 1.
“BSI is the originator of the ISO/IEC 27000 family of international information security standards, of which ISO/IEC 27018 is a part. As a contributor to the ISO/IEC 27018 standard, we worked closely with Ribose and experts from ISO/IEC JTC 1 SC 27 – the subcommittee that developed the standard – to ensure our rigorous certification program accurately assessed their adherence to the standard. We commend Ribose’s commitment to protecting its users’ privacy, and appreciate the valuable feedback they provided during the pilot program,” said Emmanuel Hervé, Vice President of Standards Professional Services, BSI Asia Pacific and Managing Director, BSI Hong Kong.
“Ribose is proud to be the first CSP that provides ISO/IEC 27018-level privacy protection to all users – including paid and free users,” explained Ronald Tse, founder of Ribose. “Our certification demonstrates that ISO/IEC 27018 is complementary with existing global and regional cloud security standards, including CSA’s CCM and C-STAR, Singapore’s MTCS and Chinese national standards.”
“As a pioneer in cloud security and privacy, we apply a ‘highest bar’ approach to implement the most stringent, internationally-certified security standards across every jurisdiction where we operate: Hong Kong, US, UK/EU, Australia, New Zealand, Singapore and China. We believe that privacy is a right, not a luxury – and protecting our users’ data and privacy is paramount,” continued Tse.
Tse concluded, “In today’s connected world, privacy is more important than ever for collaborative work – which often includes confidential commercial data. With increasing amounts of sensitive information being stored in the cloud, the consequences of a data breach could be disastrous for organizations, users, and their data subjects. Privacy and security are the ultimate differentiators, and Ribose is certified to the highest standards in the world.”
Ribose is the cloud collaboration platform that makes working together easy and fun while protecting users’ data with the highest, internationally certified levels of security. Triple-assured by the Cloud Security Alliance, Ribose is the world’s first cloud service provider certified to CSA STAR Attestation, CSA STAR Certification (Cloud Controls Matrix, CCM 3.0.1) and MTCS (Multi-Tier Cloud Security), and the first Software-as-a-Service platform to complete the CSA C-STAR Assessment. Ribose has been consistently awarded the industry's highest cloud security ratings: the highest security tier, Level 3, in MTCS and the highest maturity level, Gold, in STAR Certification.
This year, Ribose won two Gold Stevie® Awards at the 2015 International Business Awards, where it was named Most Innovative Company in Asia and Best New Collaboration Service. It was also selected as a Red Herring Top 100 Globalcompany, joining a prestigious list of up-and-coming technology companies; and awarded the CSA APAC Enterprise Award for Security Innovation of the Year.
Ribose is also certified to ISO 9001, ISO 14001, OHSAS 18001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001, ISO/IEC 27018, ISO 50001, PAS 99, Cyber Essentials Plus, CDSA Content Protection Security (CPS) and AICPA Service Organization Control (SOC)standards, and approved by the UK Government’s G-Cloud program for government use.
Ribose is free to use: ribose.com.
BSI (British Standards Institution) equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. As the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO), BSI is responsible for originating many of the world’s most commonly used management systems standards and publishes over 2,700 standards annually.
Independently assessed and accredited globally by ANAB (ANSI-ASQ National Accreditation Board) and by over 26 other accreditation bodies around the world including UKAS (United Kingdom Accreditation Service), BSI is globally recognized as a champion of best practice.
For more information, please visit: bsigroup.com.