HIPAA vs. ISO 27001 - What are the differences?

Guest user Created: Feb 04, 2021

I see what appears to be a merge between #SOC2 and #iso27001 audit controls, offered as the "SOC2 plus ISO" audit. The challenge I see with most mappings for the audit is the omission of Clauses 4-10.

Dejan Košutić, do you see a "HIPAA plus ISO" being born and, if so, how do Clauses 4-10 apply?


Expert
Rhand Leal Feb 04, 2021

Please note that both SOC2 and HIPAA focus on controls to be implemented, while ISO 27001 provides a framework for information security management, meaning that it also covers the improvement and adjustment of controls according to changes in the business context, based on a risk management approach.

Considering that, including references to clauses 4-10 of ISO 27001 in an audit of SOC2 and HIPAA only makes sense if the organization, besides the required controls, also has a management system.

My point of view is that the "HIPAA plus ISO" trend will increase, and since legal requirements for information security will also increase, the adoption of a full information security management system will require future audits to include clauses 4-10 of ISO 27001, if not because of HIPAA requirements, then because organizations will realize that a full management system will help them better manage multiple legal requirements for information security.

These articles will provide you with a further explanation of the benefits of ISO 27001:
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- HIPAA compliance vs ISO 27001 https://advisera.com/27001academy/blog/2021/01/27/hipaa-compliance-vs-iso-27001/

These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-foundations-course/
