-50% discount* If you buy the same UNE standard in different languages. * Discount on the lower pvp.

ISO 27799:2025

Health informatics — Information security controls in health based on ISO/IEC 27002

Edition date: 2025-12-18
In Force
Available languages: French, English
Summary:

This document provides information security controls, including implementation guidance, for health organizations. It is based on ISO/IEC 27002:2022

In addition to generic ICT equipment and software used in many other environments, the scope of this document includes software and systems specifically for healthcare, such as electronic health record systems and medical devices incorporating health software. Such medical devices can be programmed or programmable and can contain software, firmware or both.

Other digital equipment (such as that for environmental and infection control, building management, and physical security), which can be used in premises where healthcare is provided, is also in scope.

This document applies to information in all its aspects, whatever form the information takes (including text and numbers, sound recordings, drawings, images and video), by whatever means it has been acquired or captured, whatever means are used to store it (such as printing or writing on paper or storage electronically), and whatever means are used to transfer or exchange it (orally, by hand, by post, movement of storage media, direct links or networking).

This document is for organizations of all types and sizes that provide healthcare or are custodians of personal health information for other reasons. The information that they are responsible for can be stored and processed in many possible ways and locations, including on premises or in the cloud, but remains in scope.

This document applies to all physical settings where healthcare is intended to be delivered, such as hospitals, clinics and other locations or facilities designated for healthcare purposes such as ambulances and mobile imaging or diagnostic units. It also applies to care provided elsewhere, such as in residential premises. In addition to the range of settings, this document applies to all methods of service provision including remote or virtual healthcare.



Le présent document fournit des contrôles de sécurité de l'information, y compris des recommandations pour leur mise en œuvre, à l'intention des organismes de santé. Il est basé sur la norme ISO/IEC 27002:2022.

Outre les équipements et logiciels TIC génériques utilisés dans de nombreux autres environnements, le domaine d'application du présent document comprend les logiciels et systèmes spécifiquement destinés aux soins de santé, tels que les systèmes de dossiers médicaux électroniques et les dispositifs médicaux intégrant des logiciels de santé. Ces dispositifs médicaux peuvent être programmés ou programmables et peuvent contenir des logiciels, des microprogrammes ou les deux.

D'autres équipements numériques (tels que ceux destinés au contrôle de l'environnement et des infections, à la gestion des bâtiments et à la sécurité physique), qui peuvent être utilisés dans les locaux où des soins de santé sont dispensés, entrent également dans le domaine d'application.

Le présent document s'applique à l'information sous tous ses aspects, quelle que soit sa forme (y compris les textes et les chiffres, les enregistrements sonores, les dessins, les images et les vidéos), quels que soient les moyens utilisés pour l'acquérir ou la saisir, quels que soient les moyens utilisés pour la stocker (tels que l'impression ou l'écriture sur papier ou le stockage électronique) et quels que soient les moyens utilisés pour la transférer ou l'échanger (oralement, en main propre, par courrier, par déplacement de supports de stockage, par liens directs ou par mise en réseau).

Le présent document s'adresse aux organisations de tous types et de toutes tailles qui fournissent des soins de santé ou qui sont dépositaires d'informations de santé à caractère personnel pour d'autres raisons. Les informations dont ils sont responsables peuvent être stockées et traitées de nombreuses manières et dans de nombreux endroits possibles, y compris dans les locaux ou dans le cloud, mais elles restent dans le domaine d'application.

Le présent document s'applique à tous les lieux physiques où les soins de santé sont censés être dispensés, tels que les hôpitaux, les cliniques et autres lieux ou installations désignés à des fins de soins de santé, comme les ambulances et les unités mobiles d'imagerie ou de diagnostic. Elle s'applique également aux soins dispensés ailleurs, par exemple dans des locaux résidentiels. Outre l'éventail des contextes, ce document s'applique à toutes les méthodes de prestation de services, y compris les soins de santé à distance ou virtuels.
ICS: 35.030-IT Security, 35.240.80-IT applications in health care technology
CTN: ISO/TC 215 - 54960

Standards Cancellations

Anula a ISO/TS 14441:2013

Anula a ISO 27799:2016

International Equivalence

Identic PNE-EN ISO 27799

Identic DIN EN ISO 27799:2026-03

Normas Conjuntas

Trabajo conjunto

The book in the author's words

Ultricies magna feugiat malesuada sociosqu varius vivamus cubilia parturient, himenaeos vitae vehicula nam placerat netus urna platea, nostra rutrum felis mattis penatibus velit quisque.

Button
Frequently Asked Questions Do you have any questions about our products?
  • Standards UNE, EN, ISO, IEC, BSI, DIN, ASTM, AFNOR, IEEE, SAE
  • In addition, you can request the rules of the rest of the organizations through the e-mail normas@aenor.com
  • Technical books on paper and in electronic format (PDF, epub).

The standards can be purchased in PDF, reading or paper. The reading standards are not download files, they can only be viewed in the client area. The standards ordered on paper and some of the books in the catalogue are printed on demand. 

Check deadlines in normas@aenor.com.

The license of use is for one user and one device, if you want to reproduce the content of the standard, you must request a license that will have an additional cost. Send us your inquiry here 

The AENOR standards and books that appear in the online store can only be purchased exclusively through the website. AENOR does not have a physical store.

Purchase procedure: by clicking on "Buy" the desired products will go to the shopping cart. If there are display problems, the recommended browser is Chrome.

To formalize the purchase you must access the customer area. If you are not registered as a customer, you must fill in a form with the data along with a password and username. This will create the account.

Once the "Customer data" form has been completed, "Order in progress" will be displayed with all the items loaded in the shopping cart, their prices, taxes established in current legislation and shipping costs if applicable.

The prices of the standards and books that appear in the various sections do not include taxes or shipping costs.

AENOR promotional codes consist of alphanumeric characters and can only be applied to online purchases, received through a specific offer and for a limited time. To apply your promotional code, you just have to enter it in step 2 of 4 of the purchase process on the website and click on "apply", after you have identified yourself and chosen the payment methods. Promo codes are not cumulative.

 

  • Credit or debit card (Visa, Mastercard) and PayPal.
  • Bank transfer. If you opt for this form of payment, you must first send AENOR a copy of the transfer by email to normas@aenor.com
  • The purchase invoice can be downloaded from the customer area, in my previous orders

In the case of clients of companies based abroad, the taxpayer identification number of the corresponding country (for example, in Argentina the CUIT), must be filled in the CIF/NIF - VAT field .

  • Direct download via the website in the Customer Area. In the customer area, which can only be accessed with a password and username, the products purchased will be available for a period of fifteen days from the date of purchase, as long as the payment has been accepted. Files in digital format are protected and in no case editable. Before purchasing them, it is important that the license of use is read and accepted as a prior step to purchase.
  • Shipping by courier. Products purchased on physical media are shipped by courier. The maximum delivery time in Spanish territory, from the acceptance of the order by AENOR, is:
  •  Approximately seven working days for all standards purchased through the store in paper format.
  • Approximately three days for books purchased through the store. Stocks of paper books are limited and their offer on the website does not imply availability within the indicated period. In the event that the requested book is not available, the customer is notified of the delay in receiving the order, which will be approximately seven working days. 

For the rest of the products that are not on the website, check availability and delivery time at normas@aenor.com.

1. For digital products (PDF, Epub), once delivery has been made by direct download via the website in the Customer Area, you will not have the right to exercise your right of withdrawal.

2. For personalised products on paper, once the purchase has been made, you will not have the right to exercise your right of withdrawal.

3.  For all other paper products, you have the right to withdraw from the sale within 14 calendar days from the date of purchase. Remember that for the return it is essential that the product is in perfect condition, sealed by the packaging and preserving its original packaging. The customer will be responsible for pickup and shipping costs.

The order invoice includes shipping costs, so there is no amount to pay to the courier. Shipping costs are calculated based on both the final destination of the order and the number of products ordered. They include transport and packaging costs. Shipping costs are subject to periodic revisions. Outlet books will have free shipping costs only if the shipment is made in the Peninsula.

Destination Up to three standards and/or publications From three standards and/or publications
Peninsula 7,31€ 8,60€
Balearic Islands 18,04€ 23,34€
Canary Islands, Ceuta and Melilla  18,04€ 23,34€
Europe 59,17€ 80,07€
United States and Canada 70,07€ 96,94€
Rest of the world 91,94€ 115,91€
  • Purchases made by residents of the Member States of the European Union will be subject to the payment of VAT (value added tax).
  • ​​
  • In the case of legal persons and natural persons who, acting as entrepreneurs, are domiciled in a Member State of the European Union (except residents in Spain) and have an intra-community NIF/VAT registered in the VIES census, they will be exempt from paying VAT, being an essential condition the sending of this document by email to normas@aenor.com.
  • Purchases made in a private capacity (natural person), regardless of where they have their residence, will be subject to the payment of VAT.
  • Purchases made by entities in non-EU countries will be exempt from paying VAT, as long as they send the corresponding tax residence document by email to normas@aenor.com.
  • The sale operations will be understood to have been carried out at AENOR's registered office: Génova 6, 28004, Madrid – Spain. 

The contract for the purchase of products through this Website shall be governed by Spanish law. Any dispute arising out of or in connection with the use of the Website or such contract shall be subject to the exclusive jurisdiction of the Courts and Tribunals of Madrid.

Notwithstanding the foregoing, if you are entering into this contract as a consumer under the terms of Royal Decree 1/2007, nothing in this clause shall affect the rights that may be granted to you as such under applicable law.