Your Personally Identifiable Information (PII) is safe with us.  NetDocuments completed the rigorous and exclusive ISO/IEC 27018 accreditation in November 2017. Adopted in 2014, ISO 27018 is a set of standards to protect PII. As an addendum to ISO/IEC 27001, ISO 27018 is one of the first international standards for cloud privacy. NetDocuments has been ISO 27001 certified since June of 2015. This is another example of NetDocuments continuing to lead the way in protecting customer content. 

Why Pursue 27018?

"Data protection is a NetDocuments core competency," says David Hansen, NetDocuments’ Director of Compliance. Based on internationally-accepted data-protection standards, ISO 27018 outlines specific security requirements for cloud service providers acting as processors of Pll.  By following these standards, NetDocuments manages risk and implements state-of-the-art controls for protecting Pll.

Implementing ISO 27018 controls is just one of the many steps we are taking to ready our customers for GDPR. [Please review our GDPR Quick Facts guide to help you prepare for GDPR compliance. Once we publish the Quick facts, we will update this post]

Who Benefits?

First, our customers.  Because our application complies with the ISO standards, our customers inherit NetDocuments’ ISO compliance. Unlike other document management products supporting legal customers which can only certify their data centers, NetDocuments’ application certification directly benefits our customers and sets the highest possible standard for our operations team. Our compliance with this and other standards further assists our customers in successfully completing most client audits.

Second, our operations team. Consistency rises from standards. We have seen system availability continue to exceed industry standards year-over-year. Due in part to these standards, we have scheduled uptime that exceeds 99.9%. Please contact us to obtain the latest data.

One Compliance Boundary: What’s Next?

At least once a year, NetDocuments operations in the US, EU, and Australia are audited for compliance by independent, third-party auditors. Our cloud-first platform is ready to help organizations comply with their Controller obligations under the GDPR.