DataLine received ISO/IEC 27017:2015 and ISO/IEC 27018:2019 security certifications

Cloud provider DataLine received certificates of compliance with international standards for data security in the cloud ISO 27017:2015 and ISO 27018:2019.

The ISO 27017:2015 standard regulates the security of providing cloud services by a provider. The certification process for this standard took into account compliance with the recommendations and practices for ensuring the security of DataLine cloud services, as well as the transparency of actions performed with personal data in the cloud. The ISO 27017:2015 certificate applies to the following company services: virtual infrastructure (IaaS) based on VMware, Hyper-V and Tionix, platform solutions (PaaS), including Kubernetes, S3 object storage, VDI and corporate email hosting, as well as cybersecurity services: NGWF, WAF and multi-factor authentication.

ISO 27018:2019, in turn, contains requirements for the protection of personal information of subjects processed by clients in the cloud. To verify compliance with this standard, the presence of all the measures described in the document for protecting personal information in the cloud was assessed. The scope of the ISO 27018:2019 certificate is a cloud for processing personal data in accordance with 152-FZ (Cloud-152), S3 object storage, virtual desktops (CitrixVDI) and Cloud Disk operating on the basis of Cloud-152.

"The ISO 27017:2015 and ISO 27018:2019 standards are one of the few documents that regulate information security for cloud services, so confirming compliance with their requirements was an important task for our company. Having received these certificates, we guarantee our customers the security of cloud services and the safety of their personal data at the level of world practices," said Vasily Stepanenko, DataLine Cybersecurity center director.

The new certifications complement DataLine's previous ISO 27001:2013 Information Security Management System certification.