The ISO 27018:2014 standard provides guidance to cloud service providers acting as data processors in the form of objectives, controls, and guidelines. OneLogin aligned its existing privacy controls to be compliant with this standard in order to augment its privacy program. These controls are tested as part of the periodic SOC 2 Type 2 report, and an independent body has audited our compliance with this standard as part of our ISO 27001:2013 certificate annual audits.
What’s the primary purpose of this initiative?
The ISO 27018:2014 standard provides guidance to cloud service providers acting as data processors in the form of objectives, controls, and guidelines. Alignment with this standard provides additional assurance of the adequacy of OneLogin’s Privacy Program.
What’s the scope?
OneLogin’s Privacy Program and its alignment with the standard’s recommended objectives, controls, and guidelines.
How often are you evaluated/audited?
The ISO 27018:2014 controls are tested as part of the periodic SOC 2 Type 2 Report Audits and our ISO 27001:2013 Certification audits.
Who performs the evaluation/audit?
Grant Thornton LLP performs the SOC 2 Type 2 audit, and the Tuv Nord Group, which is accredited under DAkkS, performs the ISO 27001:2013 certification audit.
Who is the primary audience?
Customers and relevant third parties with a business need.
Where can I get a copy of the report/certificate?
The current certificate can be accessed here. The mapping to ISO 27018:2014 specific controls is included in the appendix of the SOC 2 Type 2 reports.