preview

What Is ISO 27001: Information Security Management System?

Good Essays
The International Organization for Standardization (ISO) is an international standard-setting body that consists of qualified subject-matter experts from more than 10 countries that attempt to integrate national standards like those from the American National Standards Institute, ISO Technical Committee (TC) 215 Health Informatics, the BSI Group from the United Kingdom, and the Standards Council of Canada, to name a select few (Murphy, 2015).
ISO 27001: Information Security Management System: This standard helps organizations implement security as a system versus numerous controls put in place to solve seemingly isolated issues. The standard includes handling of electronic information as well as paper-based information. From the management perspective, this standard, main contribution is to formalize the concept of risk assessments and organize information security as a quality improvement activity. The standard includes the plan-do-check-act (PDCA) concept as well as the principle of continually assessing the organization, not just episodically (Murphy, 2015).
ISO 27799: Health Informatics: This defines information security management in health, which uses ISO/IEC 27002 and augments the requirements of 27002 with healthcare-specific considerations for information security management (Murphy, 2015).
…show more content…
Using this family of standards helps organizations manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27991 is the best-known standard in the family providing requirements for an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.
Get Access