Back to Frameworks
ISO 27799
International
v2016
18 domains
46 controls
Information security management in health using ISO 27002
Unverified
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (18)
Access Control
3 controls
| Code | Title |
|---|---|
| ISO27799-11.1 | Access Control to Health Records |
| ISO27799-11.2 | User Authentication for Clinicians |
| ISO27799-11.3 | Remote Access to Clinical Systems |
Acquisition
1 controls
| Code | Title |
|---|---|
| ISO27799-14.1 | Secure Development of Clinical Applications |
Asset Management
2 controls
| Code | Title |
|---|---|
| ISO27799-7.1 | Asset Inventory for Health Records |
| ISO27799-7.2 | Classification of Health Information |
Communications
1 controls
| Code | Title |
|---|---|
| ISO27799-13.1 | Communications Security and Health Interfaces |
Compliance
1 controls
| Code | Title |
|---|---|
| ISO27799-18.1 | Compliance with Health Sector Regulations |
Continuity
1 controls
| Code | Title |
|---|---|
| ISO27799-17.1 | Continuity of Clinical Operations |
Cryptography
1 controls
| Code | Title |
|---|---|
| ISO27799-12.1 | Cryptography for Health Information |
Governance
2 controls
| Code | Title |
|---|---|
| ISO27799-6.1 | Health Information Security Policy |
| ISO27799-6.2 | Health Information Governance Committee |
ISO 27799: Administrative Safeguards
6 controls
Organizational security management (ISO 27799)
| Code | Title |
|---|---|
| ISO27799-06 | Security management process and risk analysis |
| ISO27799-07 | Workforce security and clearance procedures |
| ISO27799-08 | Information access management |
| ISO27799-09 | Security awareness and training program |
| ISO27799-10 | Contingency planning for ePHI |
| ISO27799-11 | Business associate management |
ISO 27799: Organizational Requirements
4 controls
Policies, procedures, and documentation (ISO 27799)
| Code | Title |
|---|---|
| ISO27799-21 | Security and privacy policies |
| ISO27799-22 | Documentation and record retention |
| ISO27799-23 | Compliance evaluation and review |
| ISO27799-24 | Incident reporting procedures |
ISO 27799: Patient Data Protection
5 controls
Safeguarding protected health information (ISO 27799)
| Code | Title |
|---|---|
| ISO27799-01 | ePHI access controls and authorization |
| ISO27799-02 | ePHI encryption at rest and in transit |
| ISO27799-03 | Minimum necessary standard enforcement |
| ISO27799-04 | Patient data de-identification procedures |
| ISO27799-05 | Audit trail for ePHI access |
ISO 27799: Physical Safeguards
4 controls
Physical security for systems with ePHI (ISO 27799)
| Code | Title |
|---|---|
| ISO27799-17 | Facility access controls |
| ISO27799-18 | Workstation security and use policies |
| ISO27799-19 | Device and media controls |
| ISO27799-20 | Disposal and re-use procedures |
ISO 27799: Technical Safeguards
5 controls
Technical measures for ePHI protection (ISO 27799)
| Code | Title |
|---|---|
| ISO27799-12 | Unique user identification and authentication |
| ISO27799-13 | Automatic logoff and session management |
| ISO27799-14 | Audit controls and monitoring |
| ISO27799-15 | Integrity controls for ePHI |
| ISO27799-16 | Transmission security and encryption |
Incident
1 controls
| Code | Title |
|---|---|
| ISO27799-16.1 | Incident Management for Health Data Breach |
Operations
4 controls
| Code | Title |
|---|---|
| ISO27799-10.1 | Operational Procedures for Clinical Systems |
| ISO27799-10.2 | Backup of Health Records |
| ISO27799-10.3 | Audit Logging in Clinical Systems |
| ISO27799-10.4 | Anti-malware on Clinical Endpoints |
People
2 controls
| Code | Title |
|---|---|
| ISO27799-8.1 | Workforce Security in Healthcare |
| ISO27799-8.2 | Health Information Awareness Training |
Physical
2 controls
| Code | Title |
|---|---|
| ISO27799-9.1 | Physical Security in Healthcare Facilities |
| ISO27799-9.2 | Equipment Security and Medical Devices |
Supplier
1 controls
| Code | Title |
|---|---|
| ISO27799-15.1 | Supplier Relationships for Health IT |
Your Compliance Coverage
If you comply with ISO 27799, you already cover:
NIST SP 800-66
26%
12 controls mapped
Compare →MDS2 (Medical Device)
26%
12 controls mapped
Compare →MARS-E
26%
12 controls mapped
Compare →+ 209 more: ISO 13485 (26%), NIST Privacy Framework (24%)
See all 212 mapped frameworks ↓Maps to 212 other frameworks
46 total controls
NIST SP 800-66
12 source controls mapped|4 target controls covered
26%
MDS2 (Medical Device)
12 source controls mapped|5 target controls covered
26%
MARS-E
12 source controls mapped|7 target controls covered
26%
ISO 13485
12 source controls mapped|13 target controls covered
26%
NIST Privacy Framework
11 source controls mapped|5 target controls covered
24%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
11 source controls mapped|8 target controls covered
24%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
10 source controls mapped|10 target controls covered
22%
Oman National Cybersecurity Framework
10 source controls mapped|3 target controls covered
22%
FTC GLBA Safeguards Rule (16 CFR Part 314)
10 source controls mapped|2 target controls covered
22%
ISO 27001:2022
10 source controls mapped|10 target controls covered
22%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
10 source controls mapped|8 target controls covered
22%
Virginia CDPA
9 source controls mapped|2 target controls covered
20%
Vietnam PDPD
9 source controls mapped|2 target controls covered
20%
Uruguay DPL
9 source controls mapped|3 target controls covered
20%
Turkey KVKK
9 source controls mapped|2 target controls covered
20%
Texas Data Privacy Act
9 source controls mapped|2 target controls covered
20%
Taiwan PDPA
9 source controls mapped|2 target controls covered
20%
Qatar DPL
9 source controls mapped|2 target controls covered
20%
Privacy Act 2020
9 source controls mapped|3 target controls covered
20%
POPIA
9 source controls mapped|3 target controls covered
20%
Personal Data Act (personopplysningsloven)
9 source controls mapped|3 target controls covered
20%
PDPA Thailand
9 source controls mapped|3 target controls covered
20%
PDPA Singapore
9 source controls mapped|3 target controls covered
20%
Oregon Consumer Privacy Act
9 source controls mapped|3 target controls covered
20%
NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security
9 source controls mapped|4 target controls covered
20%
NIST SP 800-122
9 source controls mapped|2 target controls covered
20%
Nigeria Data Protection Regulation (NDPR)
9 source controls mapped|2 target controls covered
20%
Nigeria Data Protection Act 2023 (NDPA)
9 source controls mapped|5 target controls covered
20%
Nebraska Data Privacy Act
9 source controls mapped|5 target controls covered
20%
New Jersey Data Privacy Act
9 source controls mapped|3 target controls covered
20%
New Hampshire Data Privacy Act
9 source controls mapped|3 target controls covered
20%
Montana Consumer Data Privacy Act
9 source controls mapped|3 target controls covered
20%
Minnesota Consumer Data Privacy Act
9 source controls mapped|3 target controls covered
20%
Mexico LFPDPPP
9 source controls mapped|4 target controls covered
20%
Mauritius DPA
9 source controls mapped|4 target controls covered
20%
Maryland Online Data Privacy Act of 2024
9 source controls mapped|3 target controls covered
20%
Malaysia PDPA 2010
9 source controls mapped|3 target controls covered
20%
Liechtenstein DPA
9 source controls mapped|2 target controls covered
20%
LGPD
9 source controls mapped|2 target controls covered
20%
Kentucky Consumer Data Protection Act
9 source controls mapped|4 target controls covered
20%
Jamaica Data Protection Act 2020
9 source controls mapped|4 target controls covered
20%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
9 source controls mapped|4 target controls covered
20%
APPI
9 source controls mapped|4 target controls covered
20%
Bahrain PDPL
9 source controls mapped|4 target controls covered
20%
NIST SP 800-53 Rev 5
9 source controls mapped|20 target controls covered
20%
PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments
9 source controls mapped|2 target controls covered
20%
ISO/IEC 27011:2024
9 source controls mapped|7 target controls covered
20%
NIST SP 800-146
8 source controls mapped|3 target controls covered
17%
NIST SP 800-145
8 source controls mapped|3 target controls covered
17%
NIST SP 800-144
8 source controls mapped|4 target controls covered
17%
NAIC Insurance Data Security Model Law (MDL-668)
8 source controls mapped|3 target controls covered
17%
MTCS (Singapore)
8 source controls mapped|5 target controls covered
17%
ISO 27018
8 source controls mapped|8 target controls covered
17%
BSI IT-Grundschutz
8 source controls mapped|11 target controls covered
17%
Azure Security Benchmark
8 source controls mapped|7 target controls covered
17%
AWS Well-Architected Security Pillar
8 source controls mapped|7 target controls covered
17%
ISO 27017
8 source controls mapped|7 target controls covered
17%
NIST SP 800-190
8 source controls mapped|7 target controls covered
17%
NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)
8 source controls mapped|15 target controls covered
17%
ASD Strategies to Mitigate Cyber Security Incidents
8 source controls mapped|6 target controls covered
17%
TISAX - Trusted Information Security Assessment Exchange
8 source controls mapped|2 target controls covered
17%
Peru DPL
8 source controls mapped|2 target controls covered
17%
South Korea PIPA
7 source controls mapped|2 target controls covered
15%
SLSA
7 source controls mapped|2 target controls covered
15%
SIG (Shared Assessments)
7 source controls mapped|3 target controls covered
15%
PTES
7 source controls mapped|2 target controls covered
15%
OWASP SAMM
7 source controls mapped|2 target controls covered
15%
OWASP MASVS
7 source controls mapped|4 target controls covered
15%
OpenSSF Scorecard
7 source controls mapped|3 target controls covered
15%
O-RAN WG11 Security Specification
7 source controls mapped|3 target controls covered
15%
NIST SP 800-92
7 source controls mapped|3 target controls covered
15%
NIST SP 800-88
7 source controls mapped|3 target controls covered
15%
NIST SP 800-63-4
7 source controls mapped|3 target controls covered
15%
NIST SP 800-61
7 source controls mapped|3 target controls covered
15%
NIST SP 800-137
7 source controls mapped|3 target controls covered
15%
NIST SP 800-123
7 source controls mapped|3 target controls covered
15%
NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)
7 source controls mapped|2 target controls covered
15%
MITRE ATT&CK
7 source controls mapped|4 target controls covered
15%
ISO 27043
7 source controls mapped|9 target controls covered
15%
ISO/SAE 21434
7 source controls mapped|9 target controls covered
15%
MARS-E - Minimum Acceptable Risk Standards for Exchanges
7 source controls mapped|2 target controls covered
15%
ISO/IEC 27400:2022
7 source controls mapped|4 target controls covered
15%
TSA Pipeline Cybersecurity Directives
6 source controls mapped|2 target controls covered
13%
NIST AI Risk Management Framework (AI RMF 1.0)
6 source controls mapped|5 target controls covered
13%
Secure by Design: A Guide for Manufacturers (CISA)
6 source controls mapped|2 target controls covered
13%
Sigstore - Software Artifact Signing and Verification
6 source controls mapped|2 target controls covered
13%
IEC 62351 - Power Systems Communication Security
6 source controls mapped|3 target controls covered
13%
ISO/IEC 27010:2015
6 source controls mapped|4 target controls covered
13%
NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices
6 source controls mapped|4 target controls covered
13%
Annex 11 to EU GMP - Computerised Systems
5 source controls mapped|3 target controls covered
11%
FBI CJIS Security Policy
5 source controls mapped|5 target controls covered
11%
UK Gambling Commission - Cyber Resilience Requirements
5 source controls mapped|1 target controls covered
11%
FFIEC Cybersecurity Assessment Tool (CAT)
5 source controls mapped|5 target controls covered
11%
ISO 28001:2007 Supply Chain Security Management
5 source controls mapped|3 target controls covered
11%
ISO 20000-1
5 source controls mapped|2 target controls covered
11%
NIS2 Directive Implementing Acts
5 source controls mapped|1 target controls covered
11%
UNICEF Policy Guidance on AI for Children (2021)
4 source controls mapped|1 target controls covered
9%
UNESCO Recommendation on the Ethics of AI
4 source controls mapped|2 target controls covered
9%
UK GDPR (UK General Data Protection Regulation)
4 source controls mapped|2 target controls covered
9%
UK AI Regulation Framework
4 source controls mapped|2 target controls covered
9%
OECD AI Principles
4 source controls mapped|2 target controls covered
9%
NRF Cybersecurity and Data Privacy Framework (National Retail Federation)
4 source controls mapped|2 target controls covered
9%
NIS2 Directive
4 source controls mapped|2 target controls covered
9%
New Zealand Information Security Manual (NZISM)
4 source controls mapped|2 target controls covered
9%
Japan AI Guidelines
4 source controls mapped|2 target controls covered
9%
ICAO Annex 17 - Aviation Security (AVSEC)
4 source controls mapped|2 target controls covered
9%
IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1)
4 source controls mapped|2 target controls covered
9%
ISO 27019
4 source controls mapped|4 target controls covered
9%
IEC 62443
4 source controls mapped|4 target controls covered
9%
ISO/IEC 23894:2023
4 source controls mapped|4 target controls covered
9%
API 1164
4 source controls mapped|4 target controls covered
9%
GDPR
4 source controls mapped|3 target controls covered
9%
Barbados Data Protection Act 2019
4 source controls mapped|3 target controls covered
9%
NIST SP 1800-32
4 source controls mapped|4 target controls covered
9%
IATA Operational Safety Audit (IOSA) Standards Manual
4 source controls mapped|1 target controls covered
9%
ITU-T X.805 - Security Architecture for End-to-End Communications
4 source controls mapped|2 target controls covered
9%
DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)
4 source controls mapped|2 target controls covered
9%
Florida Digital Bill of Rights (FDBR)
4 source controls mapped|3 target controls covered
9%
ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence
4 source controls mapped|5 target controls covered
9%
3GPP 5G Security Architecture (TS 33.501)
4 source controls mapped|5 target controls covered
9%
Nigeria Open Banking Regulatory Framework (CBN, 2023)
3 source controls mapped|2 target controls covered
7%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
3 source controls mapped|3 target controls covered
7%
ISO 27005
3 source controls mapped|4 target controls covered
7%
AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence
3 source controls mapped|2 target controls covered
7%
NIST Cybersecurity Framework 2.0
3 source controls mapped|5 target controls covered
7%
SSAE 18 - Attestation Standards (SOC Reporting)
3 source controls mapped|5 target controls covered
7%
Authorised Economic Operator (AEO) Programmes - Global Standards
3 source controls mapped|3 target controls covered
7%
Canada ITSG-33 - IT Security Risk Management
3 source controls mapped|1 target controls covered
7%
SOC 2
3 source controls mapped|2 target controls covered
7%
ITIL 4
3 source controls mapped|1 target controls covered
7%
Trinidad and Tobago Data Protection Act 2011
3 source controls mapped|3 target controls covered
7%
Tanzania Personal Data Protection Act (Draft)
3 source controls mapped|1 target controls covered
7%
Student Privacy Pledge 2020
3 source controls mapped|1 target controls covered
7%
Paraguay Law on Protection of Personal Data (Law No. 6534/2020)
3 source controls mapped|1 target controls covered
7%
Nevada Gaming Control Board Cybersecurity Requirements
3 source controls mapped|1 target controls covered
7%
Jordan Draft Personal Data Protection Law (2022)
3 source controls mapped|2 target controls covered
7%
Azerbaijan Law on Personal Data (2010)
3 source controls mapped|2 target controls covered
7%
ISO 26000:2010
3 source controls mapped|1 target controls covered
7%
Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014)
3 source controls mapped|2 target controls covered
7%
Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)
3 source controls mapped|3 target controls covered
7%
ISO 22739:2024 - Blockchain and Distributed Ledger Technologies Vocabulary
3 source controls mapped|4 target controls covered
7%
FIDO2 / WebAuthn
3 source controls mapped|1 target controls covered
7%
ISO 19011
3 source controls mapped|4 target controls covered
7%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework
3 source controls mapped|4 target controls covered
7%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
3 source controls mapped|4 target controls covered
7%
AML/CTF Act 2006 (Australia)
2 source controls mapped|2 target controls covered
4%
OWASP Top 10 for LLM Applications 2025
2 source controls mapped|4 target controls covered
4%
PSD2 SCA
2 source controls mapped|1 target controls covered
4%
OSFI B-13
2 source controls mapped|1 target controls covered
4%
Open Banking Security
2 source controls mapped|1 target controls covered
4%
NIST Post-Quantum Cryptography Standards (FIPS 203, 204, 205)
2 source controls mapped|3 target controls covered
4%
NATO STANAG 4774 (Confidentiality Metadata Labels) and STANAG 4778 (Metadata Binding)
2 source controls mapped|1 target controls covered
4%
Monetary Authority of Singapore Technology Risk Management Guidelines
2 source controls mapped|1 target controls covered
4%
ISO 31000:2018
2 source controls mapped|2 target controls covered
4%
FFIEC IT Examination Handbook
2 source controls mapped|1 target controls covered
4%
APRA CPS 234
2 source controls mapped|1 target controls covered
4%
PCI SSF
2 source controls mapped|1 target controls covered
4%
NSA Guidance for Transition to Quantum-Resistant Cryptography
2 source controls mapped|3 target controls covered
4%
PCI P2PE
2 source controls mapped|1 target controls covered
4%
PCI PIN Security
2 source controls mapped|1 target controls covered
4%
UK FCA/PRA Operational Resilience Framework
1 source controls mapped|1 target controls covered
2%
SEC Climate Disclosure Rule
1 source controls mapped|1 target controls covered
2%
Own Risk and Solvency Assessment (ORSA) - NAIC Model Act
1 source controls mapped|2 target controls covered
2%
OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (2023 Update)
1 source controls mapped|1 target controls covered
2%
NIST SP 800-39
1 source controls mapped|1 target controls covered
2%
NIST SP 800-37
1 source controls mapped|2 target controls covered
2%
NIST SP 800-30
1 source controls mapped|3 target controls covered
2%
NERC CIP
1 source controls mapped|1 target controls covered
2%
Lloyd's of London Cyber Insurance Requirements and Underwriting Standards
1 source controls mapped|2 target controls covered
2%
German Supply Chain Due Diligence Act (LkSG)
1 source controls mapped|2 target controls covered
2%
French Sapin II Law (Law No. 2016-1691)
1 source controls mapped|2 target controls covered
2%
ISO 22000
1 source controls mapped|1 target controls covered
2%
APRA CPS 230 Operational Risk Management
1 source controls mapped|1 target controls covered
2%
ISO 26262:2018 - Functional Safety for Road Vehicles
1 source controls mapped|1 target controls covered
2%
ISO/IEC 29134:2023
1 source controls mapped|3 target controls covered
2%
ISO/IEC 27014:2020
1 source controls mapped|2 target controls covered
2%
ASIS SPC.1-2009 - Organizational Resilience Standard
1 source controls mapped|1 target controls covered
2%
AS9100D - Aerospace Quality Management System
1 source controls mapped|2 target controls covered
2%
ISO/IEC 27003:2017
1 source controls mapped|2 target controls covered
2%
ISO/IEC 29147:2018
1 source controls mapped|1 target controls covered
2%
ISO/IEC 27031:2011
1 source controls mapped|1 target controls covered
2%
ISO 41001:2018 - Facility Management Systems
1 source controls mapped|1 target controls covered
2%
ISO 39001:2012 - Road Traffic Safety Management
1 source controls mapped|1 target controls covered
2%
ISO 50001:2018 - Energy Management Systems
1 source controls mapped|1 target controls covered
2%
ISO 22313:2020 - Guidance on Business Continuity Management Systems
1 source controls mapped|1 target controls covered
2%
EASA Part-IS - Information Security in Aviation
1 source controls mapped|2 target controls covered
2%
FedRAMP High
1 source controls mapped|1 target controls covered
2%
NIST SP 800-53 Revision 5.1 HIGH
1 source controls mapped|1 target controls covered
2%
FedRAMP Moderate
1 source controls mapped|1 target controls covered
2%
NIST SP 800-53 Rev 5 MODERATE
1 source controls mapped|1 target controls covered
2%
NIST SP 800-53 Rev 5 LOW
1 source controls mapped|1 target controls covered
2%
APRA SPS 220 Risk Management (Superannuation)
1 source controls mapped|1 target controls covered
2%
ISO 31000
1 source controls mapped|3 target controls covered
2%
ISO 45001
1 source controls mapped|1 target controls covered
2%
AICPA Privacy Management Framework (PMF)
1 source controls mapped|1 target controls covered
2%
NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management
1 source controls mapped|1 target controls covered
2%
SANS Incident Handler's Handbook and PICERL Methodology
1 source controls mapped|1 target controls covered
2%
Space ISAC (Information Sharing and Analysis Center) - Threat Framework
1 source controls mapped|1 target controls covered
2%
Aged Care Quality Standards (Australia)
1 source controls mapped|1 target controls covered
2%
PIC/S Guide to Good Manufacturing Practice for Medicinal Products
1 source controls mapped|1 target controls covered
2%
NIST SP 800-171
1 source controls mapped|1 target controls covered
2%
ISO/IEC 25012:2008 - Data Quality Model
1 source controls mapped|1 target controls covered
2%
ITAR - International Traffic in Arms Regulations
1 source controls mapped|2 target controls covered
2%
ISO/IEC 27006:2024
1 source controls mapped|1 target controls covered
2%
ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories
1 source controls mapped|1 target controls covered
2%
ISO 19650 - Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM)
1 source controls mapped|1 target controls covered
2%
WCAG 2.2
1 source controls mapped|1 target controls covered
2%
W3C Verifiable Credentials (VC) Data Model 2.0
1 source controls mapped|1 target controls covered
2%
Regional Comprehensive Economic Partnership (RCEP) - E-Commerce Chapter
1 source controls mapped|1 target controls covered
2%
Illinois Biometric Information Privacy Act (BIPA)
1 source controls mapped|2 target controls covered
2%
Bank Secrecy Act / Anti-Money Laundering (BSA/AML)
1 source controls mapped|1 target controls covered
2%
Armenia Law on Protection of Personal Data (2015)
1 source controls mapped|1 target controls covered
2%
Frequently Asked Questions
What is ISO 27799?
ISO 27799 is a compliance framework from International with 18 domains and 46 controls. Information security management in health using ISO 27002 It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does ISO 27799 have?
ISO 27799 has 46 controls organised across 18 domains. The largest domains are ISO 27799: Administrative Safeguards (6 controls), ISO 27799: Patient Data Protection (5 controls), ISO 27799: Technical Safeguards (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does ISO 27799 map to?
ISO 27799 maps to 212 other compliance frameworks. The top mapping partners are NIST SP 800-66 (26% coverage), MDS2 (Medical Device) (26% coverage), MARS-E (26% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with ISO 27799 compliance?
Start your ISO 27799 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO 27799 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 46 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.
Get Started Free →Free forever — no credit card required