On Monday 18 June 2015, Dropbox for Business announced that it had achieved the ISO/IEC 27018 certification.
In February this year, Microsoft announced that Azure platform and both Office 365 and Dynamics CRM Online had achieved the ISO/IEC 27018 certification.
The ISO/IEC 27018 certification is one of the world’s first international standards of privacy and data protection on the cloud which was released in August last year.
As a result of compliance with the standard, customers of Dropbox for Business:
- are in control of their data;
- are aware as to how their data is to be stored; and
- have their data securely stored.
In addition, Dropbox for Business will undergo yearly audits by an independent third party to ensure compliance with the standard.
For Victorian Government departments, these developments could be used to support the demonstration of compliance with the three Information Privacy Principles relevant to cloud computing, namely,
- IPP 4 – data security;
- IPP 6 – access and correction; and
- IPP 9 – transborder information flows.
To view Dropbox for Business’ announcement see: https://blogs.dropbox.com/business/2015/05/dropbox-for-business-iso-27018/
For more information on the ISO/IEC 27018 standard and its relevance to government departments see: http://fal-lawyers.com.au/blogs/2014/12/22/government-departments-on-cloud-nine-isoiec-27018-a-new-standard-promoting-data-and-privacy-protection-in-the-cloud