Guest
Security and Privacy
My question is this: what is the difference between 27001 and our 'Security and Privacy' protection for patients' data? I am trying to understand whether, if we get an ISO 27001 certificate, we still need to obtain separate privacy and security protection or not.
Expert
Rhand Leal
Aug 06, 2021
ISO 27001 is a management framework for the protection of information in general, and does not cover specifics related to privacy and medical data, which depend upon the applicable requirement (e.g., GDPR, HIPAA, etc.).
Considering that, ISO 27001 may not be enough to ensure fulfillment of privacy requirements. In this case, you should consider using additional ISO 27001 supporting standards, like ISO 27701 (for privacy protection) and ISO 27799 (for health organizations).
For further information, see:
- Relationship between ISO 27701, ISO 27001, and ISO 27002 https://advisera.com/27001academy/blog/2019/12/10/relationship-between-iso-27701-iso-27001-and-iso-27002/
- How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799-complement-each-other-in-health-organizations/