Second, CCRC information security service qualification
1, information security risk assessment
2. Information security emergency treatment
3, information system security integration
4, information system disaster backup and recovery
5. Software security development
6, information system security operation and maintenance
7. Network security audit
8. Safety of industrial control system
Third, the initial identification process.
1, preparation stage
The applicant shall determine the service qualification type applied for according to the actual situation, log on to the website of China Information Security Certification Center for self-assessment (please refer to the Guide to Fill in the Self-assessment Form for Qualification Certification in information security service on the website of the center for the specific filling method of the self-assessment form), and submit the above documents and self-assessment certification materials to the center.
2. Off-site audit and business stage
The project manager appoints the audit team leader and coordinates the inspectors to form the audit team; The audit team leader prepares the off-site audit plan and sends it to all members of the audit team through the project management personnel;
3. Certification decision-making stage
The center certification decision-maker makes a certification decision on the audit materials submitted by the audit team leader; If the certification decision is passed, notify the project manager to prepare the certificate; If the authentication decision fails, the applicant will be informed of the reasons for the failure.
4. Certificate preparation stage
The project manager makes the certificate and mails it to the applicant.
Tips: The certificate issued by the unit applying for Grade III information security service qualification is valid for three years. No matter whether the information security service project case that has been implemented and passed the acceptance is submitted or not, it can only pass the certification decision.