The International Organization For Standardization

1042 Words5 Pages
The International Organization for Standardization (ISO) is an international standard-setting body that consists of qualified subject-matter experts from more than 10 countries that attempt to integrate national standards like those from the American National Standards Institute, ISO Technical Committee (TC) 215 Health Informatics, the BSI Group from the United Kingdom, and the Standards Council of Canada, to name a select few (Murphy, 2015). ISO 27001: Information Security Management System: This standard helps organizations implement security as a system versus numerous controls put in place to solve seemingly isolated issues. The standard includes handling of electronic information as well as paper-based information. From the management perspective, this standard, main contribution is to formalize the concept of risk assessments and organize information security as a quality improvement activity. The standard includes the plan-do-check-act (PDCA) concept as well as the principle of continually assessing the organization, not just episodically (Murphy, 2015). ISO 27799: Health Informatics: This defines information security management in health, which uses ISO/IEC 27002 and augments the requirements of 27002 with healthcare-specific considerations for information security management (Murphy, 2015). The ISO 27000 family of standards helps organizations keep information assets secure). Using this family of standards helps organizations manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27991 is the best-known standard in the family providing requirements for an information security management system (ISMS). An ISMS is a syste... ... middle of paper ... ...cluding privacy strategic and business planning, privacy gap and risk analysis, benchmarking, privacy policy design and implementation, performance measurement, and independent verification of privacy controls, which includes attestation engagements. CPAs and CAs in industry can enhance their value to their employers by offering privacy advisory services and performing internal assessments against something they can measure—generally accepted privacy principles. The CPA and CA practitioner version is identical to GAPP with the exception of appendix B, “CPA and CA Practitioner Services Using Generally Accepted Privacy Principles,” are intended primarily to assist CPAs and CAs in public practice in providing privacy services to their clients. http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/GenerallyAcceptedPrivacyPrinciples/Pages/default.aspx
Open Document