ISO 27799
The Standard for Health Care Providers
What is ISO 27799?
The international standard ISO 27799 is part of the ISO 27000 series of standards. In 2008 it was published by Technical Committee ISO/TC 215 established by the International Organization for Standardization (ISO). Its official title is "Health informatics — Information security management in health using ISO/IEC 27002".
ISO 27799 is to be regarded as an industry-specific ISO 27001 supplement, covering specific security requirements in the health sector. Accordingly, organisations can only be certified against ISO 27001. The implementation guide for both standards is ISO 27002. With ISO 27799, health care providers have gained the opportunity to establish a required minimum of information security in order to ensure the confidentiality, availability, and integrity of personal, health-related data.
Health-Specific Threats and Vulnerabilities
By their nature, health care providers operate in an environment where visitors and the public in general cannot be excluded. Especially in large institutions, the vast number of people moving through operational areas represents a high security risk: physical damage to systems is considerably more likely than in other industries.
In addition to the specific threats, the increased protection requirements of medical records need to be taken into account as these documents contain sensitive, personal data whose confidentiality must be ensured. Furthermore, data integrity and availability are essential for the patients' safety, as they are often crucial for timely and appropriate treatment.
ISO 27799: Topics and Content
- IT security objectives in health organisations
- Health information to be protected
- Threats and vulnerabilities
- Practical implementation in accordance with ISO 27001 and ISO 27002
- Specific measures in addition to ISO 27002
ISO 27799 in Your Organisation
Are you interested in implementing ISO 27799 in your organisation? Please refer to our overview to find out which other standards from the ISO 27000 series are relevant for you. Our project procedure describes how plan42 supports you during implementation. Do you have any further questions? Please feel free to contact us.