Posts Tagged ‘ISO27002’

ISMS Certification Does Not Equal Regulatory Compliance

Wednesday, October 31st, 2012

Last week I got the following question:

“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements?  Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”

This is not the first time I’ve gotten this question, and others similar. As new technology businesses, cloud services and other businesses are popping up to provide services to large regulated organizations, start-ups are increasingly looking for a way to differentiate themselves from their competitors, and also prove that they have not only effective security controls in place, but that they also (more…)

The Pursuit…or Not…of ISO 27001/ISMS/BS7799 Certification

Tuesday, August 21st, 2007

Last week my blog poll was, “Is your organization planning to pursue ISO 27001 certification in 2007 or 2008?”
I asked this after reading an SC Magazine article that I recently blogged about, “Are the U.S. Numbers Planning For ISMS (ISO 27001) Certification Really At 80%?”
As I had indicated, based upon my many discussions with a very wide range of CISOs, I thought this number was way too high.
And now for the results of my *ADMITTEDLY UNSCIENTIFIC WEBPOLL*…drum roll, please; Thhuudddrrrrrrrrrrrrr…

(more…)