ISO 27799 certificationISO 27799 is an international standard that provides guidelines for information security standards in healthcare. This standard is important for ensuring the confidentiality, integrity and availability of personal health information. We will discuss the most important aspects.

What is ISO 27799?

ISO 27799 is officially titled as: “Health informatics – Information security management in health using ISO/IEC 27002“.

The standard provides guidance for healthcare organizations to select, implement and manage information security controls. It complements the ISO/IEC 27002 standard and provides specific guidance for the healthcare sector.

Why is ISO 27799 important in healthcare?

The digital health environment is developing rapidly. Therefore, it is important to have information security controls in place. This way, health information can be protected from threats such as data breaches, cyber-attacks and unauthorized access. ISO 27799 provides a framework for ensuring health information security. It also ensures enforcement of compliance with regulatory requirements.

How does ISO 27799 relate to NEN 7510?

ISO 27799 provides a basis for compliance with the Dutch NEN 7510 standard, which specifically addresses information security in the healthcare sector. NEN 7510 provides guidelines and requirements specifically tailored to Dutch context, but builds on the principles and guidelines from ISO 27799.

Implementation of ISO 27799

The implementation of ISO 27799 involves several steps, including:

  • conducting a risk analysis;
  • establishing controls;
  • developing a detailed security policy.

By implementing these controls, organizations can minimise risks and ensure the security of health information.

ISO 27799 can be applied in a variety of healthcare settings, including hospitals, clinics and other healthcare facilities. By implementing the standard on a customized basis, organizations can improve the security of health information and meet industry-specific requirements.

What are the benefits of ISO 27799 certification?

ISO 27799 certification helps healthcare organizations ensure a minimum required level of information security appropriate for their environment. By complying with ISO 27799, organizations can maintain the confidentiality, integrity and availability of personal health information and reduce the risk of security incidents.

How can your organization obtain ISO 27799 certification?

Achieving ISO 27799 certification requires the implementation of appropriate controls and an information security policy assessment. Certification demonstrates an organization’s compliance with the international standard for healthcare information security.

As a certification body, we offer audit services to organizations that would like to obtain ISO 27799 certification. Our auditors will assess your organization for compliance with the requirements in ISO 27799.


Below is an ISO 27799 checklist, detailing the steps required to achieve ISO 27799 certification:

  1. Purchase the ISO 27799 standard, via e.g. the NEN or NBN, to start your implementation process.
  2. Get in touch and schedule a no-obligation meeting with one of our specialists to discuss the options around ISO 27799 certification.
  3. Improve your knowledge of ISO 27799 by participating in a training course.
  4. Integrate ISO 27799 into your organization and ensure your management system complies with this standard.
  5. Conduct an internal audit to check that your management system is working effectively and that care-specific guidelines have been implemented.
  6. Management evaluates the results of the internal audit and implements any corrective action to ensure the system is performing optimally. Record the findings in a management review.
  7. One of our independent auditors will then assess whether your management system complies with ISO 27799.

What does ISO 27799 certification cost?

Implementation starts with the purchase of the ISO 27799 standard. The cost of the entire process depends on several factors. These include the complexity of the processes, whether work is done in shifts, the extent to which matters are already in order within the organization, the number of FTEs and locations.

The costs for certification consist of the number of hours Brand Compliance spends preparing for the audit, the audit itself, the reporting and additional costs such as the certificate, administration and travel expenses. The quickest way to calculate costs starts with an introductory meeting.


ISO 27799 plays a role in ensuring information security in healthcare. By implementing and certifying to the standard, organizations can ensure the confidentiality, integrity and availability of healthcare information and strengthen stakeholder trust.

Contact us today to learn more about our ISO 27799 certification services and start ensuring the security of your healthcare information.


What is the difference between ISO 27799 and the NEN 7510 standard?

ISO 27799 is an international standard that provides guidelines for healthcare information security on a global level, while the NEN 7510 standard is specifically focused on information security in the Dutch healthcare sector.