What is the ISO 27001 Information Security Management System?

An ISMS, that is, an ISO 27001 information security management system, is the management system an organization establishes based on the requirements of GB/T 22080 / ISO/IEC 27001 (Information technology - Security techniques - Information security management systems). It is part of the organization's overall management system: a series of management activities, based on risk assessment, for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security, and the system of methods an organization uses to establish information security policies and objectives for the whole organization or a specific scope.

ISO/IEC 27001 is the standard for establishing and maintaining an information security management system. On the basis of risk assessment, it requires organizations to adopt a series of processes, such as determining the scope of the information security management system, formulating information security policies and strategies, defining management responsibilities, and selecting control objectives and measures, so as to achieve a dynamic, systematic, institutionalized and prevention-oriented information security management model in which all staff participate.

ISMS certification attests that an organization's ISMS conforms to the requirements of the GB/T 22080 / ISO/IEC 27001 standard. It is an assurance provided through an authoritative third-party audit: the certified organization has implemented an ISMS that conforms to the GB/T 22080 / ISO/IEC 27001 standard requirements. Certified organizations will be registered.

Information security is a must for every enterprise or organization, so information security management system certification is universally applicable and is not limited by region, industry category or company size. Judging from the enterprises certified so far, most are in insurance, securities, banking, industries in the financial industry chain (bill printing, IC card manufacturing), enterprises that provide services to the financial industry, telecommunications, power, data processing centers, software outsourcing, software development and other industries. The standard specifies requirements for implementing security control measures customized to the needs of different organizations or their departments.

Building an ISO 27001 information security management system is divided into five stages, comprising 250 key activities. If each activity is completed well, an effective ISMS can be established and the overall blueprint for information security construction can be realized. Passing the ISO 27001 certification audit then follows naturally.

1. Current situation investigation stage: investigate the current state of the organization's information security management in terms of daily operation and maintenance, management mechanisms and system configuration, and use training to give the relevant personnel a full understanding of the basics of information security management.

2. Risk assessment stage: analyze the asset value, threat factors and vulnerability of the organization's information assets, so as to assess the organization's information security risks and choose appropriate measures and methods to achieve the purpose of risk management.

3. Management planning stage: according to the organization's strategy for information security risks, formulate the corresponding overall information security planning, management planning, technology planning and so on, and form a complete information security management system.

4. System implementation stage: after the ISMS is established (the system documents are officially released and implemented), it needs a period of trial operation to test its effectiveness and stability.

5. Certification and audit stage: after a period of operation, the ISMS has reached a stable state and all documents and records have been established. The organization can apply for certification at this point.