ISO27001
Published: 2023-09-20 Origin: CHINA QUALITY CERTIFICATION CENTRE

Business Overview

The ISO/IEC 27001 standard provides an information security management system (ISMS) model for organizations of different types, sizes, and structures. An organization can preserve the confidentiality, integrity, and availability of information by applying a risk management process based on its overall business strategic decisions and goals. A process approach is adopted to establish, implement, operate, monitor, review, maintain, and continuously improve the organization’s ISMS. Control measures are implemented and operated from the perspective of overall business risk to manage the organization’s information security risks and to give interested parties confidence that risks are adequately managed.


The ISO/IEC 27001 standard aims to provide models for all types of organizations, including banks, telecommunications, research institutions, outsourcing service enterprises, software service enterprises, etc., in establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the ISMS. It also specifies the implementation requirements for developing security control measures to meet the needs of different organizations or their departments. The ISO/IEC 27001 standard covers information security in the broadest sense, providing the best business practice guidelines and principles for organizations to implement, maintain, and manage information security. It can be used as a basis for third-party certification.


Certification Standard

ISO/IEC 27001:2013 (GB/T 22080-2016). The new version of the certification standard is under revision and is to be implemented as planned in 2022, with a conversion period of 2 years from the date of publication.


Benefits

Develop “tailored” information security management control measures and an institutional framework for protecting information assets;
ensure the continuity and capability of operations by defining, assessing, and controlling risks;
improve the competitiveness and image of an enterprise by adhering to international standards;
clearly define the internal and external information interface objectives of all organizations: guarding against data misuse and loss, establishing guidelines for the use of security tools, avoiding the loss of technical know-how, and raising security awareness within the organization;
reduce the risks that information security poses to sustainable development, and use information technology to create new strategic competitive opportunities for organizations;
reduce the probability and effects of information risk to an acceptable level to maintain the continuity of organizational business operations.


Application Scenario

As permitted by the Chinese government in accordance with relevant laws and regulations, ISMS certification is applicable to enterprises in sectors such as banking, telecommunications, research institutions, outsourcing services, software services, scientific research, social security, medical services, education, consulting, tourism and hotels, transportation, metallurgy, mining, the food, drug and tobacco industries, and the agriculture, forestry, animal husbandry and fishing industries.


Related Business

Information technology service management system, business continuity management system certification, cloud service information security management system, personally identifiable information security management system, and privacy information management system.

Copyright by CHINA QUALITY CERTIFICATION CENTRE CO., LTD.