ISO27001
1. Introduction to ISO27001
ISO27001 is an international standard for information security management. It originated from the British standard BS7799 and, after ten years of continuous revision, was adopted as a formal international standard by the International Organization for Standardization (ISO) in 2005 and published as ISO/IEC 27001:2005 on October 15, 2005. The standard can be used to establish and operate an organization's information security management system and so safeguard the organization's information security. Built on the risk management concept of risk assessment, it applies the PDCA (Plan-Do-Check-Act) process method to improve the organization's security management comprehensively and systematically. For modern enterprises, it is both a challenge and an opportunity: IT departments previously regarded as cost centers can become active, value-adding service providers, and the standard helps turn that opportunity into reality.
2. Requirements for Obtaining Certification
The applicant should hold the corresponding qualifications (such as a business license, organization code, and any relevant national administrative approval or industry qualification), have the relevant facilities and resources, be able to carry out normal business activities, and be able to provide records of business activities covering more than three months.
3. Procedures for Obtaining Certification
The process of obtaining certification is usually divided into two stages.
Certification Consulting Stage: After the contract is signed, our company sends consultants to the enterprise to conduct research and determine the enterprise's certification objectives; help the enterprise define its organizational structure, the division of responsibilities and authorities, and the scope of the management system; compile and refine the system documents required for certification; and train and guide the relevant personnel. The enterprise then operates according to the requirements of the system documents, and the consultants help it apply for certification.
Certification and Audit Stage: Auditors sent by the certification body check the enterprise's activities within the scope applied for against the certification standard and the enterprise's system documents. The emphasis is on verifying the enterprise's actual practice and the certification documents and records it has compiled; at the end of the audit the auditors report to the certification body, which decides on certification.
4. Major Recording Documents
Management Manual; Information Security Statement of Applicability; Information Security Management System Policy and Procedure Documents, consisting of:
Procedures: Information Security Risk Assessment Management Procedure, Document Control Procedure, Record Control Procedure, Information Processing Equipment Management Procedure, Document Information Classification Level Control Procedure, Monitoring and Measurement Management Procedure, Corrective and Preventive Action Control Procedure, Human Resource Management Procedure, Information Security Training Management Procedure, Information Security Personnel Screening and Confidentiality Management Procedure, Malware Control Procedure, Business Continuity Management Procedure, Change Control Procedure, Third Party Service Management Procedure, Management Review Control Procedure, Physical Access Control Procedure, User Access Control Procedure, Remote Access Management Procedure, System Development and Maintenance Control Procedure, Incident, Vulnerability and Fault Management Procedure, Internal Audit Control Procedure, Important Information Backup Management Procedure, etc.
Control Policies: Information Resource Security Policy, Mobile Code Prevention Policy, Backup Security Policy, Third Party Access Policy, Physical Access Policy, Change Management Security Policy, Virus Prevention Policy, Account Management Policy, Clear Desk and Clear Screen Policy, Physical Media Security in Transit Policy, E-mail Policy, Equipment and Cabling Security Policy, Intrusion Detection Policy, etc.
We have professional consultants who guide enterprises through completing the above documentation, and we sign contracts guaranteeing 100% certification.