ISO 27799

The Standard for Health Care Providers

What is ISO 27799?

The international standard ISO 27799 is part of the ISO 27000 series of standards. It was published in 2008 by Technical Committee ISO/TC 215 of the International Organization for Standardization (ISO). Its official title is "Health informatics — Information security management in health using ISO/IEC 27002".

ISO 27799 is to be regarded as a sector-specific supplement to ISO 27001, covering the specific security requirements of the health sector. Accordingly, organisations can only be certified against ISO 27001 itself; the implementation guide for both standards is ISO 27002. With ISO 27799, health care providers have gained the opportunity to establish a required minimum of information security in order to ensure the confidentiality, availability, and integrity of personal, health-related data.

Health-Specific Threats and Vulnerabilities

By their nature, health care providers operate in an environment where visitors and the public in general cannot be excluded. Especially in large institutions, the vast number of people moving through operational areas represents a high security risk: physical damage to systems is considerably more likely than in other industries.

In addition to the specific threats, the increased protection requirements of medical records need to be taken into account as these documents contain sensitive, personal data whose confidentiality must be ensured. Furthermore, data integrity and availability are essential for the patients' safety, as they are often crucial for timely and appropriate treatment.

ISO 27799: Topics and Content

Taking these health-specific threats and vulnerabilities into account, ISO 27799 covers the following topics:
  • IT security objectives in health organisations
  • Health information to be protected
  • Threats and vulnerabilities
  • Practical implementation in accordance with ISO 27001 and ISO 27002
  • Specific measures in addition to ISO 27002

ISO 27799 in Your Organisation

Are you interested in implementing ISO 27799 in your organisation? Please refer to our overview to find out which other standards from the ISO 27000 series are relevant for you. Our project procedure describes how plan42 supports you during implementation. Do you have any further questions? Please feel free to contact us.