Regulatory Compliance using the International Organization of Standardization (ISO) is the fourth post in our “compliance - why and how”
series. Today we look specifically at Information Security Management.
Regulatory compliance help
Regulatory compliance used to come with a saying that corporate America should not be left out in the cold trying to implement regulatory compliance all by themselves. But today there are several national and worldwide organizations compiling successful business processes that lead to the design of specific business standards. These standards, when used, will help others make measured improvements in their business endeavors.
ISO is but one example of an organization that contributes sound references that should be used to create a series of policies, procedures and processes to assist in developing a methodology to guide a company into compliance.
Is an internationally recognized Information Security Management Standard. First published by the International Organization for Standardization in December 2000, ISO 17799 is high level, broad in scope, and conceptual in nature. This approach allows it to be applied across multiple types of enterprises and applications. It has also made the standard controversial among those who believe standards by definition should be more precise. In spite of this controversy, ISO 17799 is the only “standard” devoted to Information Security Management in a field generally governed by “Guidelines” and “Best Practices.” ISO 17799 defines information as an asset that may exist in many forms and has value to an organization. The goal of information security is to suitably protect this asset in order to ensure business continuity, minimize business damage, and maximize return on investments.
Services for professionals
ISO is a leading source of information about risk. They supply data, analytics, and decision-support services for professionals in many fields, including insurance, finance, real estate, health services, government, and human resources. Their products help customers measure, manage, and reduce risk. In the United States and around the world, ISO helps its customers identify, mitigate, and price for risk by providing comprehensive data, leading-edge analytics, and decision-support services. ISO's services help customers protect people, property, and financial assets. The ISO vision is to build an organization that positively impacts the world around it and is widely admired by the virtue of its values, practices, and success. The tenets of two of the ISO standards can play a major role in accomplishing regulatory compliance: ISO 9001 and ISO 17799.
Say as you do and do as you say
The basic tenet of ISO 9001 is to say as you do and do as you say. This axiom is true for any compliancy domain. In full compliance, an organization will be certified by a third party assessment that will determine that appropriate organizational processes and procedures are in place and complied with by the workforce. It establishes the quality control within the organization.
In our next post we’ll look at the National Institute of Standards and Technology (NIST) and the excellent guidance they provide to all organizations.
DTS InfoTech Can Help
Regulatory compliance is the law, but many health care providers are not HIPAA Compliant. If this describes you, we can help you Achieve compliance, Illustrate compliance to auditors and Maintain full compliancy.
For more information: www.dtsinfotech.com/hipaa-compliance-for-small-health-care-practices-2/
Dedicated to your success,
General Manager and Compliance Officer
dts|infotech . . . computer networks that work