Droit, a technology firm at the forefront of computational law and regulation, announces the achievement of ISO/IEC 27018:2019, the gold-standard certification for the protection of personally identifiable information (PII) in public clouds.
Data privacy regulations continue to expand across jurisdictions and are a key compliance requirement for any cloud service provider (CSP). The ISO/IEC 27018 standard assures clients that Droit, as a CSP and PII processor, has implemented best practice controls and guidelines to protect personal data in all public clouds.
This builds on Droit's previous ISO cloud security certifications achieved in 2024, ISO/IEC 27001:2022 and ISO/IEC 27017:2015, which provide security assurance to Droit's clients as they navigate cloud migrations. Droit has also been recertified for both ISO/IEC 27001:2022 and ISO/IEC 27017:2015, in its latest audit.
Today, Droit's trio of cloud and security certifications offers financial institutions enhanced levels of confidence that their personal data and cloud services are secure and provides internationally recognized assurance for their compliance efforts.
In addition, the ISO/IEC 27018 standard aligns with Europe's General Data Protection Regulation (GDPR), which regulates how organizations handle personal data of individuals within the EU, thereby meeting the EU GDPR requirements related to PII.
Kaveh Moravej, Head of Information Security at Droit, said, "ISO 27018 is the world's best-known privacy standard for the cloud and is a natural evolution from our ISO/IEC 27001 and ISO/IEC 27017 certifications. To successfully achieve ISO 27018, we augmented our existing security and privacy programs. This included working across the business on new protocols and raising awareness to ensure all the requirements of the standard were met. We are now able to more easily address existing and future, ever-changing global data privacy regulations and give our clients the confidence that we are fully aligned with their data privacy needs."
Peter Bals, Chief Technology Officer at Droit, said, "Droit's ISO certifications underscore our commitment to the safeguarding of both cloud security and data privacy to build trust with the global financial institutions we serve. Achieving ISO 27018 provides independent validation of our focus on security and cements our position as a major cloud services provider. These best practice controls are integral to supporting clients on their cloud journeys."
Droit was audited by an external, independent, and accredited team as part of the ISO certification process.
