omniseq.nl

Information Security and GDPR

Standards

Many standards claim to cover information security, and it can be hard for the untrained eye to tell them apart. Not all so-called standards are created equal, however: some are genuine security management standards, some are audit reporting frameworks, some cover only physical infrastructure, and one entry in the list below is not a standard at all but a law.


-ISO 27001; the gold standard for information security; a globally recognized standard for an information security management system (ISMS) that covers organizational, people, physical and technological controls

-PCI DSS; compliance is required for companies that store, process or transmit payment card data; focuses on the protection of cardholder data

-ISAE 3402; international successor of SAS 70, a US audit standard for reporting on controls at service organizations; widely requested by listed companies and popular in the financial sector; derived requirements for data centers focus mostly on physical protection

-SOC 1 & SOC 2; come from the US financial audit world (AICPA); SOC 1 reports on controls relevant to a customer's financial reporting, SOC 2 reports on controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality, privacy)

-TIA-942; specific for data centers; focuses on physical infrastructure, redundancy (rating levels) and operational excellence; audits are performed by independent certification bodies and should not be confused with the Uptime Institute's own Tier Certification

-GDPR; EU Regulation for the protection of personal data of people in the EU; this is not a standard but an EU-wide law, and compliance with any of the standards above does not by itself establish compliance with it.