ISO/IEC 29151 is an international standard jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It establishes the control objectives, controls, and guidelines for implementing controls with regard to the processing of personally identifiable information (PII) to meet the requirements identified by risk and privacy impact assessments related to the protection of PII. In December 2020, Tencent Cloud has passed an an independent third-party assessment and received ISO/IEC 29151:2017 certification.
1. What does ISO/IEC 29151 certification cover?
Based on ISO/IEC 27002 Information technology - Security techniques - Code of practice for information security controls and relevant ISO security standards, ISO/IEC 29151 provides a series of guidelines for information security and PII protection controls and guides organizations to select controls that are appropriate for the specific processing of PII based on the results of risk analysis, with a view to developing a comprehensive and consistent control system, lowering the risk of privacy leakage, and reducing violations.
2. How does Tencent Cloud meet the requirements of ISO/IEC 29151 certification?
Based on its PII objectives and business needs, Tencent Cloud implements safeguards from the perspectives of regulatory compliance, risk assessment, and corporate policies in compliance with the control requirements of ISO/IEC 29151, including but not limited to implementing security controls throughout the lifecycle of PII from PII creation, collection, storage, use, and transfer to the final disposal (such as secure destruction), assessing and managing risks to PII based on ISO/IEC 29134, and verifying whether risk management and controls are accurately implemented according to ISO/IEC 27018.
3. What does ISO/IEC 29151 certification mean to Tencent Cloud customers?
The award of ISO/IEC 29151 certification demonstrates that Tencent Cloud has developed an appropriate security control system that provides high level of privacy protection controls for user PII in the cloud. To learn more about ISO/IEC 29151 certification received by Tencent Cloud (such as certified IDCs and products), please contact us.