ISO 27799 standard
Are you aware of any countries that integrated the ISO 27799 standard into their national regulatory framework for hospitals, taking into consideration their specific national legislation applicable to hospitals?
Dear Sigrid,
ISO 27799:2016 (“Health informatics — Information security management in health using ISO/IEC 27002”) is intended as a companion document to ISO/IEC 27002. It is not intended to supplant the ISO/IEC 27000 series of standards but is a complement to these more generic standards. Moreover, familiarity with ISO/IEC 27002 is indispensable to an understanding of ISO 27799:2016. Usually, countries are using ISO/IEC 27002 for health informatics IT security management through the agency of national or regional guidelines (see the answer to the previous question: example of Belgium). In some countries one can find national versions of ISO 27799. A good example can be found in the NEN 7510 standard series in the Netherlands. A very good set of documents to support the implementation of information security in hospitals has been developed in Germany in the form of a sector-specific German cybersecurity standard for hospitals (B3S).