[ ISO 27799:2016 Introduction ]

Medical institutions and medical service providers keep data, including sensitive personal information, such as patient medical history and medical history.

Such information includes data or documented personal key information of patients, and we can often find problems in the management of patients' personal information data around us.

ISO 27799:2016 provides implementation guidelines for the controls described in ISO/IEC 27002 to prevent such problems, and supplements them if necessary, so that they can be effectively used in health information security management.

In addition, the appropriateness of the health information security management organization and the relevant health information, data (images, videos, etc.) and the means used to store it (printed, electronic copies) and the means used to transmit such information (fax, files, etc.) We help ensure the minimum level of security required to maintain confidentiality and confidentiality.

[ Necessity of ISO 27799:2016 ]

• •  Confidentiality of patient personal information can be maintained
• •  It is possible to obtain customer trust by preventing possible risks.
• •  Acquisition of safety through medical service safety and data security system establishment
• •  Ensure interoperability of medical data in medical institutions

[ ISO 27799:2016 Contents ]

• Scope
• Normative References
• Terms and definitions
• Structure of this International Standard
• Information security policies
• Organization of information security
• Human resource security
• Asset management
• Access control
• Cryptography
• Physical and environmental security
• Operations security
• Communications security
• System acquisition, development and support processes
• Supplier relationships
• Information security incident management
• Information security aspects of business continuity management
• Compliance

If you have any questions, please contact us at the following email address.

E-mail: info@igcert.org