Posts Tagged ‘ISMS’
Wednesday, October 31st, 2012
Last week I got the following question:
“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”
This is not the first time I’ve gotten this question, and others similar. As new technology businesses, cloud services and other businesses are popping up to provide services to large regulated organizations, start-ups are increasingly looking for a way to differentiate themselves from their competitors, and also prove that they have not only effective security controls in place, but that they also (more…)
Tags: 27001, 27002, audit, awareness, breach, certification, compliance, customers, data protection, e-mail, electronic mail, email, employees, employment, HHS, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, ISMS, ISO27001, ISO27002, IT security, job applicants, laws, messaging, midmarket, non-compliance, OCR, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, reputation, risk, security, sensitive personal information, SPI, systems security, training
Posted in HIPAA, HITECH, Laws & Regulations | No Comments
Friday, September 21st, 2007
I’ve been doing some compliance gap analysis work comparing the policies of one of my clients with ISO/IEC 17799:2005. It was renamed in July of this year to ISO/IEC 27002:2005. So, along with the name change, did the content also change? Having the 2005 tacked on the end of the new name would seem to possibly indicate not. Hmm…
(more…)
Tags: awareness and training, Gary Hinson, Information Security, ISMS, ISO 27002, ISO/IEC 17799:2005, ISO/IEC 27002, IT compliance, policies and procedures, privacy, risk management
Posted in Information Security | 1 Comment
Tuesday, August 21st, 2007
Last week my blog poll was, “Is your organization planning to pursue ISO 27001 certification in 2007 or 2008?”
I asked this after reading an SC Magazine article that I recently blogged about, “Are the U.S. Numbers Planning For ISMS (ISO 27001) Certification Really At 80%?”
As I had indicated, based upon my many discussions with a very wide range of CISOs, I thought this number was way too high.
And now for the results of my *ADMITTEDLY UNSCIENTIFIC WEBPOLL*…drum roll, please; Thhuudddrrrrrrrrrrrrr…
(more…)
Tags: awareness and training, Information Security, ISMS, ISO 27001, ISO 27001 certification, ISO27002, IT compliance, OECD, PII, policies and procedures, privacy, risk management
Posted in Information Security | 2 Comments
Friday, August 17th, 2007
If you have not yet clicked a button on my poll regarding ISMS/ISO27001 certification (see right side of page and scroll down a little) please do so! I’m finding it interesting that a large portion (36%) of those who have clicked for the poll so far are not aware of the certification. This perhaps calls into question the folks at BSI who forecast that 80% of U.S. companies will be pursuing certification in the next couple of years.
See my original post for more information about it.
Tags: awareness and training, BSI Management Systems, Information Security, ISMS, ISO 27001, ISO 27001 certification, IT compliance, John DiMaria, policies and procedures, privacy, risk management
Posted in Information Security | No Comments
Monday, August 13th, 2007
Over the weekend I was reading the latest issue of SC Magazine, and some of the statements within the article “U.S. lags in ISO 27001 compliance” made me go, “Huh?”
(more…)
Tags: awareness and training, BSI Management Systems, Information Security, ISMS, ISO 27001, ISO 27001 certification, IT compliance, John DiMaria, policies and procedures, privacy, risk management, SC Magazine
Posted in Information Security | 3 Comments