Introduction
An Information Security Management System (ISMS) is a relatively new concept that originated in the United Kingdom in 1998 in the field of information security management. In recent years, as the international ISMS standards have been drafted and amended, the ISMS has gained rapid global acceptance and recognition, becoming an effective way for organizations of all types and sizes around the world to address information security issues. ISMS certification is an effective way for an organization to demonstrate this to the community and to its stakeholders.
The current version of 27001 is ISO/IEC 27001:2013. Its main change is the adoption of the high-level structure, a common structure shared by all future ISO management system standards, such as 9001, 14001, 45001 and 22000.
The main changes in the new version are as follows:
1. The information security risk management process can be carried out in accordance with the ISO 31000:2009 risk management standard, with risk assessment based on the organization's context, the concerns of internal and external stakeholders, and the information security strategy and objectives. Using information assets as the basis of risk assessment is no longer emphasized.
2. The term "documented information" is used, and the requirement for a first- to fourth-level documentation hierarchy is no longer emphasized.
3. The number of control areas has increased from the original 11 (A.5 to A.15) to 14 (A.5 to A.18), mainly by adding "cryptography" and "supplier relationships", and by splitting the original "Communications and Operations Management" control area into "operations security" and "communications security". At the same time, the number of control objectives has been reduced from 39 to 35, and the number of controls from 133 to 113, so that controls correspond more effectively to control objectives.
The advantages of APB
Usually you can obtain the certificate within 1.5 months.
In urgent cases, you can obtain the certificate within 3 weeks.
Qualified assessors provide enterprises with effective assessment services.
We can issue multi-site ISO certificates for multinational enterprises.
Why certify to ISO 27001?
1. Prevention of information security incidents, ensuring the continuity of the organization's business and protecting the organization's information assets in proportion to their value. This includes preventing important commercial secrets from being leaked, lost, tampered with or made unavailable, and preventing the information systems that important business depends on from being interrupted by failure, virus infection or attack.
2. Cost savings.
A good ISMS not only saves costs by sparing the organization from security incidents, it also allows information security expenditure to be planned and budgeted rationally, including: prioritizing investment in security controls according to the risk level of the information assets, and not investing in security controls for information assets whose risk is acceptable.
3. Maintaining a well-organized, competitive and successful operating state, improving public image and reputation, and maximizing return on investment and business opportunities.
4. Enhancing the trust and confidence of customers, partners and other stakeholders.
The benefits of ISO 27001
1. Protecting intellectual property rights, trademarks and competitive advantage.
2. Maintaining corporate reputation, brand and customer trust.
3. Reducing the likelihood of potential risks, and reducing information system failures and the economic losses caused by staff turnover.
4. Strengthening staff awareness of information security and regulating the organization's information security behaviour.
5. Ensuring that business continues and losses are minimized when information systems are affected.
Which types of organization can be certified to an ISMS?
ISO/IEC 27001:2005 makes it clear that the requirements of the standard are generic and applicable to all organizations, regardless of their type, size and nature of business. ISO/IEC 27001:2005 can be used, through self-assessment or independent third-party certification, to assess an organization's ability to meet the information security requirements set by its customers, by the organization itself, and by laws and regulations.
These organizations are mainly concentrated in the following industries:
1. Semiconductor industry
2. Software outsourcing industry
3. Financial and insurance industries
4. Communications industry
5. E-commerce industry
6. Other industries: wherever IP protection, industry standards, legal and regulatory requirements, or the organization's own development needs are involved, the organization will gradually step up its investment in security. For example, because the U.S. Sarbanes-Oxley Act (SOX) requires audits of internal control, organizations are bound to pay attention to their investment in information security, since information security controls are an indispensable part of the internal control of listed companies registered with the SEC.