Introduction to ISO27001
ISO27001 is the international standard for information security management. It originated from the British standard BS7799 and, after a decade of revision, was converted into a formal international standard by the International Organization for Standardization (ISO) in 2005. It was issued on October 15, 2005 as ISO/IEC 27001:2005. The standard can be used to establish and implement an organization's information security management system. It applies the PDCA process method and a risk management approach based on risk assessment, improving the organization's security management systematically and continuously. For modern enterprises, turning an IT department that is regarded as a cost center into a provider of positive value-added services is both a challenge and an opportunity, and ISO27001 helps turn that opportunity into reality.
Conditions for obtaining certification
The organization should hold the corresponding qualifications (such as a business license, an organization code, and the relevant state administrative approval or trade qualifications), have the relevant facilities and resources, and be operating normally. It should be able to provide records of operational activities covering more than three months.
Process for obtaining certification
Generally, the process of obtaining certification is divided into two phases.
Certification consultation stage: after the contract is signed, our company sends a consultant to survey the enterprise and determine its certification intent. The consultant helps the enterprise define its organizational structure, the division of responsibilities and authority, and the scope the system covers; helps establish and refine the system documents required for certification; trains the relevant staff; guides the enterprise in operating according to the requirements of the system documents; and helps it submit the certification application.
Certification audit stage: auditors sent by the certification body inspect the enterprise's activities within the certification scope against the certification standard and the enterprise's system documents. The key point is to verify the enterprise's actual situation and the certification documents and records it has prepared. The audit report is then submitted to the certification body.
Benefits of achieving certification
1. Ensure the sustainability and capability of operations by defining, evaluating and controlling risks
2. Reduce liability arising from breach of contract and direct violation of laws and regulations
3. Improve corporate competitiveness and corporate image by abiding by international standards
4. Clearly define the objectives for all of the organization's internal and external information interfaces: guard against misuse and loss of data
5. Establish safety tools
6. Beware of the loss of technical know-how
7. Enhance security awareness within the organization
8. Serve as evidence for public accounting audits