
Expert Advice Community


ISO 27001 and other security frameworks

Guest user Created:   Apr 19, 2018 Last commented:   Apr 19, 2018


Can any of the frameworks listed below be considered more or less equivalent to ISO 27001?



Expert
Rhand Leal Apr 19, 2018

.07 Adequate data protection safeguard. Pursuant to §301.7216-3(b)(4), a tax return preparer located within the United States, including any territory or possession of the United States, may disclose a taxpayer's SSN to a tax return preparer located outside of the United States or any territory or possession of the United States with the taxpayer's consent only when both the tax return preparer located within the United States and the tax return preparer located outside of the United States maintain an adequate data protection safeguard at the time the taxpayer's consent is obtained and when making the disclosure. An adequate data protection safeguard is a management-approved and implemented security program, policy, and practice that includes administrative, technical, and physical safeguards to protect tax return information from misuse, unauthorized access, or disclosure and that meets or conforms to one of the following privacy or data security frameworks:

(1) The United States Department of Commerce "safe harbor" framework for data protection (or a successor program);
(2) A foreign law data protection safeguard that includes a security component (e.g., the European Commission's Directive on Data Protection);
(3) A framework that complies with the requirements of a financial or similar industry-specific standard that is generally accepted as best practices for technology and security related to that industry (e.g., the BITS, Financial Services Roundtable, Financial Institution Shared Assessment Program);
(4) The requirements of the AICPA/CICA Privacy Framework;
(5) The requirements of the most recent version of IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies and Entities; or
(6) Any other data security framework that provides the same level of privacy protection as

Answer: ISO 27001 is a general framework for managing information security, with a set of controls that can be applied according to an organization's context and requirements, while the frameworks you mentioned are specific to defined situations. So you can consider that these frameworks can be implemented, operated, managed and improved with the help of ISO 27001, but ISO 27001 is not equivalent to any of these frameworks (it can only help manage them; it cannot replace them).

This article will provide you further explanation about ISO 27001:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/

These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
