Shanxi Taiyuan ISO27001 information security recognition application project lightning out on the same day

  1、 What is iso27001:2013?
ISO27001 recognized:
It is a recognition that the organization's information security management system (ISMS) meets the requirements of ISO27001
This is a guarantee provided after passing the third-party audit: the recognized organization has implemented the information security management system and meets the requirements of ISO27001 standard

The confidential, complete and usable information of the enterprise is widely recognized as a global standard of confidentiality, protection and availability
ISO27001 is applicable to any organization and enterprise, and the validity period of the letter is 3 years
Through the ISO27001 accreditation organization, make inquiries on the website of China National Accreditation Administration (CNCA)

2、 What are the benefits and functions of ISO27001?
ISO27001 is about the information security management system, which can effectively ensure the reliability of enterprises in the field of information security, reduce the risk of enterprise disclosure and better preserve core data

Enhance the corporate image and enhance the competitiveness of enterprises
1
Ensure business continuity and capability by defining, assessing and controlling risks
2
Reduce responsibilities caused by contract violations and direct violations of laws and regulations
3
Improve the competitiveness and image of enterprises by complying with standards
4
Clearly define the internal and external information interface objectives of all organizations: beware of misuse and loss of data
5
Establish guidelines for the use of safety tools
6
Beware of loss of technical know-how
7
Enhance safety awareness within the organization
8
It can be used as the basis for public accounting audit
3、 Which enterprises can apply for ISO27001 recognition?
Information security is necessary for every enterprise or organization, so the information security management system is generally applicable and is not limited by region, industry category and company scale

From the current situation of recognized enterprises, most of them are:
Information based industries:
1
Financial industry: banking, insurance, etc
2
Communication industry: Telecom, Netcom, China Mobile, China Unicom, etc
3
Bag Companies: foreign trade, import and export, HR, headhunting, accounting firms, etc
Industries with high dependence on Information Technology:
1
Steel, semiconductor, logistics
2
Electricity and energy
3
Outsourcing (ITO or BPO): it, software, telecom IDC, call center, data entry, data processing, etc
High technological requirements and desired by competitors:
1
Fine chemical industry
2
Research institutions
4、 What are the conditions for enterprises to apply for ISO27001?
Basic conditions for applying for ISO27001 accreditation:
1) Chinese enterprises hold the business license of enterprise legal person, production license or equivalent documents issued by the administrative department for Industry and commerce; The foreign enterprise shall hold the registration certificate of the relevant institution

2) The information security management system of the applicant has been established according to the requirements of ISO 27001:2013 standard and has been implemented for more than 3 months

3) At least one information security risk assessment, internal audit and management review have been completed

4) During the operation of the information security management system and within one year before the establishment of the system, it has not been subject to administrative punishment by the competent department

5) The applicant enterprise has no serious breach of credit
Documents and materials to be submitted for ISO27001 application:
1) Organization legal documents, such as copies of business license and annual inspection certificate (with official seal);
2) Copy of organization code book and tax registration (with official seal);
3) The applicant shall apply for the explicit documents for the effective operation of the organization's information security management system (such as the release control of system documents)