-
Certification application conditions: holding a business license of legal person and providing qualification documents when necessary; The information security system has been running for more than 3 months; Complete at least one internal audit and management review; Enterprises are equipped with corresponding personnel, equipment and facilities, office areas, etc.
-
Certification documents and materials: information security management manual; Information security program files; Statement of information security applicability (SOA); Information security strategy; Information security policies and objectives; Internal audit and management review of information security; Work instruction; Record files (including file control procedures, record control procedures, information security risk management procedures, information security laws and regulations procedures, password control management procedures, information security measurement management procedures, etc.). ).
The cost and cycle of certification will vary with factors such as organization, region and enterprise scale. You can consult relevant certification bodies for details. Recently, I cooperated with a company in Beijing called United Smart Industry Certification Company, which has a good reputation and can do 2700 1 certification. We suggest you contact 0 10-84852 18. Generally speaking, the certification period is about 1-2 months, and the certificate is valid for 3 years. After obtaining the certificate, annual inspection (supervision and audit) is required.
The specific process is as follows:
1. signing a contract: signing a contract with a certification body.
2. Submit the application documents: submit the application documents to the certification body.
3. Review: The certification body reviews the application documents.
4. Arrange audit: According to the audit results, arrange auditors to conduct on-site audit.
5. On-site audit: the auditor conducts on-site audit of the enterprise.
6. Correcting nonconformities: correcting nonconformities found in the audit.
7. Certification: After the audit, the certification body will issue certificates.