Information Security and GDPR


Many standards claim to cover information security, and to the untrained eye they can be hard to tell apart. However, not all so-called standards are created equal.


- ISO 27001; the gold standard for information security; an all-encompassing, globally recognized standard

- PCI DSS; compliance is required for companies in the Payment Card Industry; focuses on the protection of cardholder data

- ISAE 3402; international successor of SAS-70, a US-based (empty) standard, compulsory for listed companies and also popular in the financial segment; the requirements derived from it for data centers focus mostly on physical protection

- SOC I & II; comes from the US financial audit world; focuses on the correct processing of company financials

- TIA 942; specific to data centers; focuses on physical protection and operational excellence; audits are performed by the Uptime Institute

- GDPR; new EU Regulation for the protection of the privacy of EU citizens; this is not a standard, but an EU-wide law.