Ultimate achieves certification for cloud security standard ISO 27018



Ultimate Software, vendor of human capital management (HCM) solutions in the cloud, announced Monday that it has completed the certification for ISO 27018.

ISO 27018 is a standard published by the International Organization for Standardization (ISO) that establishes commonly accepted control objectives, controls, and guidelines that cloud service providers must implement to protect Personally Identifiable Information (PII).

To receive ISO 27018 certification, Ultimate established that customers retain full rights to access and delete their data, customer data is processed only for the purpose expressed by the customer, and Ultimate is transparent about where its customers’ data is stored.

In addition to completing ISO 27018 certification, Ultimate recently earned certification to the new EU-U.S. Privacy Shield Framework and the Asia Pacific Economic Cooperation’s (APEC) Cross Border Privacy Rules (CBPR) system.

“The privacy of our customers and their employees is a top priority,” said Adam Rogers, chief technology officer at Ultimate. “Compliance with ISO 27018 means we are recognized for the sophisticated technologies and processes we use to handle PII. Since compliance requires annual certification, it is also a demonstration of our ongoing commitment to strong data-privacy practices.”

Last month, Ultimate Software announced that it was awarded certification for adherence to the principles of the Asia Pacific Economic Cooperation’s (APEC) Cross Border Privacy Rules (CBPR) system. These principles encourage the development of appropriate information privacy protections, and are aimed at promoting electronic commerce throughout the Asia Pacific region.

The APEC Cross Border Privacy Rules (CBPR) system was developed by participating APEC economies to build trust in cross border flows of personal information. The APEC CBPR system requires participating businesses to develop and implement data privacy policies consistent with the APEC Privacy Framework.

These policies and practices must be assessed as compliant with the minimum program requirements of the APEC CBPR system and be enforceable by law. Ultimate Software has been awarded certification for meeting APEC CBPR privacy rules from TRUSTe, one of the APEC’s approved Accountability Agents.

Leave a Reply

WWPI – Covering the best in IT since 1980