Expert Advice Community


Security and Privacy

Guest user Created:   Aug 06, 2021 Last commented:   Aug 06, 2021


My question was regarding this: what is the difference between 27001 and our 'Security and Privacy' protection for patients' data? I am trying to understand: if we get an ISO 27001 certificate, do we still need to obtain separate privacy and security protection or not?

Expert
Rhand Leal Aug 06, 2021

ISO 27001 is a management framework for the protection of information in general, and does not cover specifics related to privacy and medical data, depending upon the defined requirement (e.g., GDPR, HIPAA, etc.).

Considering that, ISO 27001 may not be enough to ensure fulfillment of privacy requirements. In this case, you should consider using additional ISO 27001 supporting standards, like ISO 27701 (for privacy protection) and ISO 27799 (for health organizations).

For further information, see:
