I have a question concerning ISO 27002. Does ISO 27002 address controls that support the privacy of data (such as PHI and PII)?
Answer:
Yes, ISO 27002 has the control A.18.1.4 Privacy and protection of personally identifiable information, which can be applicable for the protection of any type of personal data. Regarding PHI (Protected Health Information), keep in mind that there is another standard that is specifically related to information security management in health, including personal health information, using ISO 27002. This standard is ISO 27799:2008, and you can download it from the official site of ISO: https://www.iso.org/standard/41298.html
Finally, this list of laws and regulations related to information security and business continuity may be interesting for you: Laws and regulations on information security and business continuity: https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/
Jan 12, 2016