We are pleased to announce that Vretta has successfully secured the ISO/IEC 27018:2019 certification, reinforcing our commitment to protecting personal data in the cloud. This internationally recognized standard, developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), focuses on safeguarding personally identifiable information (PII) handled by cloud service providers.

Earning the ISO/IEC 27018 certification enhances our existing security and privacy practices, ensuring our cloud-based platforms for e-assessment and learning uphold the highest standards of data protection. This standard specifically addresses the privacy risks associated with cloud computing, providing guidance on how to implement measures that protect PII across cloud environments.

The ISO/IEC 27018 framework emphasizes several core privacy and operational principles:

• PII Lifecycle Protection: Implementing strong controls throughout the collection, processing, and deletion of personal data.

• Data Subject Rights Enablement: Supporting mechanisms to access, correct, or delete personal information upon user request.

• Consent and Purpose Limitation: Ensuring that data processing is limited to specified purposes and done with valid consent.

• Incident Notification Procedures: Establishing clear response plans and communication channels in the event of a data breach.

• Transparency and Accountability: Making data handling policies available and understandable to clients and stakeholders.

Zach Williams, Director of Technology at Vretta, remarked “This certification delivers tremendous value to our clients by ensuring that their data is handled in strict accordance with global privacy regulations. It demonstrates Vretta’s proactive stance on risk mitigation, regulatory alignment, and transparency in cloud operations.”

Our path to ISO/IEC 27018 certification involved a comprehensive evaluation of our cloud operations, privacy policies, and technical safeguards. This milestone reflects our strategic investment in privacy-by-design and reinforces the trust our clients place in us.

If you’d like to learn more about how Vretta’s certified cloud privacy practices can help your organization meet compliance goals and protect customer data, contact us a  info@vretta.com.