ISO Certifications

What is ISO 27001?

ISO 27001 certification demonstrates to customers that Palo Alto Networks has been independently assessed to have appropriate processes in place to help ensure the security and reliability of sensitive customer data. Our processes are designed to:

• Ensure data integrity is maintained and can only be modified by authorized users.
• Assess the risks and proactively mitigating the impact of a breach.
• Align management processes with corporate risk strategies and customer requirements.

What is ISO 27017?

ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.

What is ISO 27018?

ISO/IEC 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002 control set.

What is ISO 27701?

ISO 27701 specifies the requirements for establishing, implementing, maintaining and continually improving – a privacy information management system (PIMS). ISO 27701 is based on the requirements and controls of the widely adopted information security management standard ISO 27001, and provides and extension to ISO 27001 through its own set of privacy-specific requirements and controls. It outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy.