ISO 27799

International Standard ISO 27799:2008 — Information security management in health incorporating ISO/IEC 27002:2005 Information Technology — Security Techniques
What is this?
ISO 27799:2008 is a new standard relevant to all healthcare organisations and other custodians of personal health information. It works in conjunction with, and as a companion to, ISO/IEC 27002:2005, applying that code of practice to the health sector.
Specifically, this International Standard addresses the special information security management needs of the health sector and its unique operating environments. While the protection and security of personal information is important to all individuals, corporations, institutions and governments, there are now special requirements in the health sector that need to be met to ensure the confidentiality, integrity, auditability and availability of personal health information.
Protecting confidentiality is essential if the privacy of individuals in a health care setting is to be maintained. The integrity of health information must be protected to ensure patient safety, and a key component of that protection is ensuring that the information's entire life cycle is fully auditable.
The availability of health information is also critical to effective healthcare delivery. Health informatics systems must meet unique demands to remain operational in the face of natural disasters, system failures and denial-of-service attacks. Protecting the confidentiality, integrity and availability of health information therefore requires health-sector-specific expertise. Implementing this standard gives you a structured way to ensure that information security management practice is implemented, monitored and reviewed.
What is the ISO 27799:2008 process?
A specialist consultant will visit you and lead you through the whole process. This will entail an on-site gap analysis and information-gathering meeting. Once the meeting has concluded, the consultant will liaise with you to produce a 'Code of Practice for Information Security Management' (CPISM) document. This document is a working document, and a representative from within your company shall be responsible for its review and maintenance.
Once the document has been approved and your systems are in place, you will be audited to ensure that you are operating according to the CPISM. Depending on your conformity to the CPISM and the standards, the auditor will then either recommend you for registration and certification or identify the non-conformities that must be addressed first.
Once you have received your certificate of conformity, you will be audited annually to ensure that you are consistently meeting the standards.
How long will the process take?
Typically, this process takes 8 - 12 weeks, but timescales will be managed around individual requirements.
How much will it cost?
From £1,995, payable in three instalments.
How do I start the process?
Simply click the enquire button, fill in your details and we will contact you to discuss your requirements and answer any questions you may have.