Workplace is now certified to ISO 27018 security standard

by Sandeep Nain

Workplace is now certified to the ISO/IEC 27018:2014 standard. Here's what that means for you and your organisation.

Workplace takes your security seriously. In fact, every decision we make involves understanding how a new product or process could affect information privacy and security for our customers. And although Workplace already exceeds the industry standard for protecting your data, we know there's always more to do.

That's why we're pleased to announce that Workplace by Facebook is now certified to ISO/IEC 27018:2014 security standard.

What is ISO 27018?

ISO 27018 is a privacy focused international standard that builds on information security management systems. It establishes commonly accepted controls and guidelines to protect Personally Identifiable Information (PII) in public cloud computing environments.

Here's an overview of some of the key ISO 27018 requirements:

  • Providing customers with the ability to access, correct and delete their PII
  • Ensuring data processing for its intended purpose only
  • Implementing defined disclosure procedures
  • Providing open, transparent notice when cloud service providers use sub-contractors
  • Encouraging accountability via breach notification procedures
  • More stringent information security requirements for cloud service providers

What does this mean for you?

We achieved ISO 27001 accreditation in October 2017. This ensures the confidentiality, integrity and availability of information that organisations control and process. ISO 27001 also applies a risk management process so that organisations can manage risk.

With ISO 27018, we wanted to further improve how we align our security controls to match with the needs and expectations of customers.

All of which means that you now have more control over your PII and visibility on how we use it. The ISO 27018 certification also gives our customers more assurance about how we process their data according to the very highest industry standards.

By following the standards of ISO/IEC 27001 and the code of practice embodied in ISO/IEC 27018, Workplace demonstrates that our privacy policies and procedures are robust and in line with its high standards.

The audit process

Our audit for compliance with ISO/IEC 27018 was completed by an accredited third-party certification body. They provided independent validation that applicable security controls are in place and operating effectively. As part of this compliance verification process, the auditors validate that Workplace by Facebook has incorporated ISO/IEC 27018 controls for the protection of PII in Workplace.

And it's an ongoing process. We'll also have third-party reviews every year to remain certified.

Serious about security

We're very proud to serve millions of users and thousands of companies, including Chevron, Vodafone, GSK, AstraZeneca, Walmart, Booking.com and Kering. We continue to invest heavily in security and we're delighted to achieve this latest milestone. It's a certification that we believe shows our commitment to protecting your information and that reinforces our focus on maintaining industry-leading security programmes and practices.

To find out more about the levels of security that you can expect from Workplace, take a look at the website or view the ISO 27018 certificate here.

Work tools that change everything. See for yourself and try Workplace free for 90 days.


Let's stay connected

Stay updated with Workplace by signing up for our newsletter and receive tons of great content.


Follow us

Keep reading