Droit secures ISO 27018 for PII protection in the cloud

By Vriti Gothi

Droit has received ISO/IEC 27018:2019 certification, the globally recognised benchmark for safeguarding personally identifiable information (PII) in public cloud environments. The milestone reinforces Droit’s commitment to delivering secure, compliant, and resilient cloud services to the financial services industry.

The certification complements Droit’s existing ISO/IEC 27001:2022 and ISO/IEC 27017:2015 accreditations, both of which were successfully recertified in its most recent audit. Together, this suite of certifications demonstrates the firm’s robust approach to data governance, security, and regulatory alignment, assuring clients navigating increasingly complex cloud adoption strategies.

ISO/IEC 27018 specifically addresses the protection of personal data within public clouds and aligns with the requirements of Europe’s General Data Protection Regulation (GDPR). By attaining this certification, Droit offers institutions an internationally recognised framework for compliance while reinforcing its capacity to meet evolving data privacy obligations worldwide.

Kaveh Moravej, Head of Information Security at Droit, said, “ISO 27018 is the world’s best-known privacy standard for the cloud and is a natural evolution from our ISO/IEC 27001 and ISO/IEC 27017 certifications. To successfully achieve ISO 27018, we augmented our existing security and privacy programmes. This included working across the business on new protocols and raising awareness to ensure all the requirements of the standard were met. We are now able to more easily address existing and future, ever-changing global data privacy regulations and give our clients the confidence that we are fully aligned with their data privacy needs.”

Peter Bals, Chief Technology Officer at Droit, said, “Droit’s ISO certifications underscore our commitment to the safeguarding of both cloud security and data privacy to build trust with the global financial institutions we serve. Achieving ISO 27018 provides independent validation of our focus on security and cements our position as a major cloud services provider. These best practice controls are integral to supporting clients on their cloud journeys.”