HIPAA / ISO 27001 crosswalk

A control-by-control mapping between HIPAA Security Rule (45 CFR Part 164, Subpart C) and ISO/IEC 27001:2022. 9 mappings.

| HIPAA | ISO 27001 | Relationship | Notes |
|---|---|---|---|
| §164.308(a)(6) Security incident procedures | A.5.24 Information security incident management planning and preparation | Partial (Curated) | Incident response and breach notification |
| §164.308(a)(6) Security incident procedures | A.5.26 Response to information security incidents | Partial (Curated) | Incident response and breach notification |
| §164.312(a)(1) Access control | A.5.15 Access control | Equivalent (Curated) | Access control and identity |
| §164.312(a)(1) Access control | A.5.16 Identity management | Equivalent (Curated) | Access control and identity |
| §164.312(b) Audit controls | A.8.16 Monitoring activities | Equivalent (Curated) | Logging, monitoring and detection |
| §164.312(b) Audit controls | A.8.15 Logging | Equivalent (Curated) | Logging, monitoring and detection |
| §164.312(e)(1) Transmission security | A.8.24 Use of cryptography | Equivalent (Curated) | Cryptography and data protection |
| §164.404 Notification to individuals | A.5.24 Information security incident management planning and preparation | Related (Curated) | Incident response and breach notification |
| §164.404 Notification to individuals | A.5.26 Response to information security incidents | Related (Curated) | Incident response and breach notification |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.