Time of establishment: different levels of certification have different requirements for the time of establishment of enterprises. Generally speaking, an enterprise that handles the first-level certification needs to be established for three years, the second-level certification requires the enterprise to be established for three years or hold the third-level certificate for one year, and the third-level certification requires the enterprise to be established for half a year.
Requirements for technicians: Enterprises need a certain number and qualification of information security technicians. The specific number and qualification requirements also vary according to the different certification levels. For example, the third-level certification requires no less than 6 social security personnel in the past three months, including no less than 1 person for computer-related professionals who have graduated from undergraduate courses for about 6 years; The first-level certification requires that the number of social security personnel reach more than 30 in the past three months.
Project experience: Enterprises need to provide recently completed information security service project contracts, acceptance reports, invoices, bank receipts and other related materials to prove their practical experience and ability in information security service.
Business scope: The business license scope of an enterprise needs to correspond to the direction of information security service, such as software security development, security integration, security operation and maintenance, etc.
Management system and technical support: Enterprises need to establish a sound information security management system and technical support measures, including security policies, security control, security training, etc., and invest sufficient resources to ensure the effectiveness of information security service.
Reputation and business records: The reputation and business records of an enterprise are also important considerations in handling the qualification certification of CCRC information security service, and it is necessary to prove that it has the ability to provide information security service.