What is ISO 27799:2016?
ISO 27799 is an international standard that provides guidance on how best to protect the confidentiality, integrity and availability of personal health information, aimed at anyone working in the health sector or in its unique operating environments.
Among the best practices called for in ISO 27799 are:
- Data access controls, including management of privileged access
- Cryptographic control of sensitive data
- Management and protection of encryption keys
- Recording and archiving “all significant events concerning the use and management of user identities and secret authentication information” and protecting those records from “tampering and unauthorized access.” [1]
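As an added illustration of the last point (example code written for this page, not part of the standard or of any vendor product): a minimal tamper-evident audit trail for identity-management events. Each record is HMAC-keyed over its own content plus the previous record's tag, so altering, deleting or reordering a record is detected on verification. The key, record fields and event names are constructed assumptions; a real deployment would keep the key in a KMS or HSM and ship records to write-once storage.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import List, Optional

# Constructed demo key; in production it lives in a KMS/HSM, never in source.
LOG_KEY = b"demo-audit-key-not-for-production"
GENESIS = "0" * 64  # "previous tag" for the very first record


def _tag(key: bytes, content: dict) -> str:
    # Canonical JSON so writer and verifier MAC identical bytes.
    data = json.dumps(content, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append_event(chain: List[dict], key: bytes, actor: str, action: str, subject: str) -> dict:
    """Append one identity/authentication event, chained to the record before it."""
    record = {
        "seq": len(chain),
        "time": datetime.now(timezone.utc).isoformat(),
        "actor": actor,          # who performed the identity operation
        "action": action,        # e.g. create_user, grant_privilege, password_reset
        "subject": subject,      # the identity or credential acted upon
        "prev": chain[-1]["mac"] if chain else GENESIS,
    }
    record["mac"] = _tag(key, record)
    chain.append(record)
    return record


def verify_chain(chain: List[dict], key: bytes) -> Optional[int]:
    """Return None if every record is intact and in order, else the index of the first bad one."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        content = {k: v for k, v in rec.items() if k != "mac"}
        if content.get("seq") != i or content.get("prev") != prev:
            return i  # reordered, inserted or deleted record
        if not hmac.compare_digest(_tag(key, content), rec.get("mac", "")):
            return i  # record body edited, or wrong key
        prev = rec["mac"]
    return None


def demo():
    """Build a small chain, confirm it verifies, then tamper with one record."""
    chain: List[dict] = []
    append_event(chain, LOG_KEY, "admin01", "create_user", "nurse.jane")
    append_event(chain, LOG_KEY, "admin01", "grant_privilege", "nurse.jane:records_admin")
    append_event(chain, LOG_KEY, "nurse.jane", "password_reset", "nurse.jane")
    before = verify_chain(chain, LOG_KEY)
    chain[1]["action"] = "revoke_privilege"  # simulated tampering
    return before, verify_chain(chain, LOG_KEY)
```

Verification flags the first record whose tag, sequence number or back-link no longer matches, which is also the point from which the trail can no longer be trusted.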
[1] ISO/IEC 27002, Second edition 2013-10-01: Information technology — Security techniques — Code of practice for information security controls. https://www.iso.org/standard/54533.html