ISO/IEC 27799 is part of the growing family of ISO/IEC information security management system (ISMS) standards known as the 'ISO/IEC 27000 series'. It is being developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its current draft title is "Information Security Management in Health using ISO/IEC 27002", and it has now reached the 'committee draft' stage of its development cycle. The purpose of ISO/IEC 27799 is to give health organizations, and other holders of personal health information, guidance on how to protect that information by implementing ISO/IEC 27002. It specifically addresses the security management needs of the health sector, taking into account the particular sensitivity of the data involved.
The standard takes account of the range of service delivery models found in the healthcare sector, and provides additional explanation for those control objectives in ISO/IEC 17799 (now ISO/IEC 27002) that require it. A number of additional requirements specific to health information are also listed.