Tuesday, July 10, 2007

Update On ISO 27799: ISO 27789?

ISO 27799 will be the health-sector-specific version of ISO 17799/27002. The title above is a little misleading, though, because the standard is still under approval and there is no 'update' at all!

However, whilst scanning the airwaves for progress we identified another health-sector-related ISO 27000 standard: ISO 27789. Like ISO 27799 it is specific to the health sector. Its provisional title is 'Audit trails for electronic health records'. The planned publication date is late 2009.

It therefore looks like the ISO 277nn prefix may have been bagged by the health sector.

TO WATCH:
In the US, the relationship between ISO27799 and HIPAA (Health Insurance Portability and Accountability Act). Will HIPAA become a driver for the adoption of ISO 27799? Will 27799 be used as an example of due diligence with respect to certain aspects of the act? Time will tell.


Saturday, June 30, 2007

ISO 27000: Where Are We?

The ISO 27000 series of information security standards is a moving feast. This is a 'live page' which will be kept current with the latest situation as we understand it.

ISO 27000
Not yet published. It will define vocabulary and definitions for the rest of the series.

ISO 27001
Published. This is the specification for an ISMS (information security management system).

ISO 27002
Awaiting publication. This will be the rename of ISO 17799.

ISO 27003
Not yet published. This will be an implementation guide.

ISO 27004
Not yet published. This will cover measurement and metrics for information security management.

ISO 27005
Not yet published. This will cover information security risk management, and is likely to be based upon BS7799-3.

ISO 27006
Published. This is a formal guide to the certification and registration process.

ISO 27007
Not yet published. This will cover the audit process for an ISMS.

ISO 27031
Not yet published. This standard will cover ICT business continuity planning.

ISO 27032
Not yet published. This is currently a proposed standard for internet security.

ISO 27799
Awaiting publication. This will be the first industry-specific version of ISO 27002. It is focused upon the health sector.
