Workplace by Facebook Achieves ISO 27018 Certification

The standard protects customers’ personally identifiable information

Facebook’s Workplace by Facebook enterprise solution achieved ISO 27018 certification, meaning that it meets the International Organization for Standardization’s privacy-focused international standard covering information security management systems.

Workplace by Facebook achieved ISO 27001 certification in October 2017, ensuring the confidentiality, integrity and availability of information that organizations control and process and applying a risk-management process.

ISO 27018 requirements fulfilled by Workplace by Facebook include:

  • Providing customers with the ability to access, correct and erase their personally identifiable information.
  • Ensuring that data is processed according to its intended purpose and not taken out of context.
  • Procedures for the deletion of temporary files.
  • Implementing defined disclosure procedures.
  • Providing open, transparent notice when cloud service providers use subcontractors.
  • Encouraging accountability on behalf of the cloud service provider through the implementation of breach notification procedures.
  • More stringent information security requirements for cloud service providers.

Facebook security partner, enterprise products Sandeep Nain wrote in a blog post, “With ISO 27018, we wanted to further improve how we align our security controls to match with the needs and expectations of customers—all of which means that you now have more control over your personally identifiable information and visibility on how we use it. The ISO 27018 certification also gives our customers more assurance about how we process their data according to the very highest industry standards.” David Cohen is editor of Adweek's Social Pro Daily.