The knowledge platform for the financial technology industry
A-Team Insight Briefs

Droit Expands Cloud Data Privacy Safeguards with ISO 27018 Certification

Droit, a RegTech firm best known for applying computational law to complex financial regulation, has added another layer of assurance to its cloud services. The company has achieved ISO/IEC 27018:2019 certification, an international benchmark for protecting personally identifiable information (PII) in public cloud environments.

This new certification sits alongside Droit’s existing ISO/IEC 27001:2022 and ISO/IEC 27017:2015 credentials, both of which were recently renewed. Together, the trio provides a framework that strengthens security and privacy practices for global financial institutions moving more of their infrastructure to the cloud.

Why ISO 27018 Matters

Data privacy is a regulatory priority across markets. ISO/IEC 27018 was developed specifically to help cloud service providers demonstrate that they manage personal data responsibly and in line with evolving global rules. Importantly, the standard aligns with the EU’s General Data Protection Regulation (GDPR), covering how organizations process and safeguard personal data.

Kaveh Moravej, Head of Information Security at Droit, said, “ISO 27018 is the world’s best-known privacy standard for the cloud and is a natural evolution from our ISO/IEC 27001 and ISO/IEC 27017 certifications. To successfully achieve ISO 27018, we augmented our existing security and privacy programs. This included working across the business on new protocols and raising awareness to ensure all the requirements of the standard were met. We are now able to more easily address existing and future, ever-changing global data privacy regulations and give our clients the confidence that we are fully aligned with their data privacy needs.”

For financial institutions, independent certifications are a form of assurance. They help firms demonstrate compliance while relying on vendors like Droit for cloud services. The external audit process confirmed that Droit’s controls meet internationally recognized benchmarks.

Peter Bals, Chief Technology Officer at Droit, said, “Droit’s ISO certifications underscore our commitment to the safeguarding of both cloud security and data privacy to build trust with the global financial institutions we serve. Achieving ISO 27018 provides independent validation of our focus on security and cements our position as a major cloud services provider. These best practice controls are integral to supporting clients on their cloud journeys.”

Broader Context

Droit’s step reflects a broader industry trend: as financial services continue to migrate sensitive processes into public cloud environments, clients expect not only robust security but also compliance with a patchwork of privacy regulations worldwide. Independent standards like ISO 27018 offer a common baseline, reducing complexity for firms operating across multiple jurisdictions.

By layering ISO 27018 onto its existing security certifications, Droit signals that its cloud services are designed with both resilience and regulatory alignment in mind – a factor that increasingly influences vendor selection in regulated financial markets.

Droit was audited by an external, independent, and accredited team as part of the ISO certification process.
