Dropbox becomes latest cloud provider to adopt emerging ISO 27018 standard

(c)iStock.com/KIVILCIM PINAR

Cloud storage provider Dropbox has announced it has achieved certification with the emerging privacy standard ISO/IEC 27018, boosting its security credentials.

ISO 27018 was published on July 30 2014 by the International Organisation for Standardisation (ISO) as a follow up to the widely accepted ISO 27001 information security standard. It aims to put together a code of practice for protection of personally identifiable information (PII) in public clouds. The standard has already been taken up by Microsoft, as CloudTech reported back in February.

The benefits for consumers of Dropbox taking up this standard includes transparency on what the storage vendor does and doesn’t do with your data, the ability to add, modify or delete data from Dropbox at any time, as well as annual audits from an independent third party.

“We’re pleased to be one of the first companies to achieve ISO 27018 certification,” the company said. “Privacy and data protection regulations and norms vary around the world, and we’re confident this certification will help our customers meet their global compliance needs.”

“Businesses in the UK and all over the world are trusting Dropbox to make collaboration easier and boost productivity,” said Mark van der Linden, Dropbox UK country manager. “Our ISO 27018 accreditation shows we put users in control of their data, we are transparent about where we store it, and we operate to the highest standards of security. Dropbox is one of the first cloud services for business to be recognised with this latest independently-verified standard.”

Dropbox has had its fair share of security worries, including the recent development of a phishing attack, which asks users to download confidential documents.

The company’s certificate, which can be seen here, runs from May 13 2015 to September 30 2017.

Related Stories

Leave a comment


This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.

31 May 2015, 3:38 p.m.

I've been reading a lot of your articles and i must say very good stuff. I will surely bookmark your website.


1 Jun 2015, 12:19 a.m.

When visiting blogs, i usually discover an excellent content just like yours. Very good job on this article! I really like how you presented your facts and how you made it appealing and easy to understand. Thank you.


1 Jun 2015, 4:27 a.m.

Admiring the effort and time you put into your site and detailed information you present. It’s good to find a blog every every now and then that isn’t the same old rehashed information. Superb post! I’ve bookmarked your website and I’m adding your RSS feeds to my Google account.


10 Jun 2015, 7:19 a.m.

ISO 27001 expects the management to examine firm's IT security risks, and measure it in terms of threats, vulnerabilities, and business impact. It is also expected that design and implementation of security controls and risk management tools are important for business stability. http://www.valencynetworks.com/it-audit-services/iso.html