Provide consultation for enterprises applying for the ISO 27001 information security management system.

It provides a set of comprehensive implementation rules composed of information security practices, and its purpose is to determine industrial and commercial information.

In 1998, the second part of the British standard, "Information Security Management System Specification", stipulated the requirements for an information security management system and for information security controls. It is the basis for organizing a comprehensive or partial information security management system and can be used as the basis for a formal certification scheme. BS7799-1 and BS7799-2 were revised and reissued in 1999. The 1999 version takes into account recent developments in information processing technology, especially in the fields of networking and communication, and also emphasizes the information security responsibilities involved in business.

In February 2000, BS7799-1:1999 "Implementation Rules for Information Security Management" was approved by ISO and officially became an international standard, ISO/IEC 17799:2000 "Implementation Rules for Information Technology-Information Security Management". On September 5, 2002, after extensive discussion, the draft BS7799-2:2002 was finally released as a formal standard, and BS7799-2:1999 was abolished. On September 5, 2004, BS7799-2:2002 was officially released.

In 2005, BS7799-2:2002 was finally adopted by ISO, and ISO/IEC 27001:2005 was launched in June of the same year.

In June 2005, ISO/IEC 17799:2000 was revised to form a new ISO/IEC 17799:2005. Compared with the old version, the new version has been greatly enhanced and improved in organization and content integrity. ISO/IEC 17799:2005 was updated and officially released as ISO/IEC 27002:2005 on July 1, 2007. This update changed only the standard number; the content did not change.

Documents and materials required to apply for ISO 27001 certification:

1) Copy of organization legal documents, such as business license and annual inspection certificate (with official seal);

2) Copy of organization code certificate and tax registration certificate (with official seal);

3) Certification documents for the effective operation of the information security management system of the certification body (such as copies of system document release control forms, time stamp records, etc.);

4) Introduction of the applicant:

Organization profile;

Main business processes of the applicant institution;

Organization chart or function description document;

5) The system documents of the applicant shall include but not be limited to (combinable):

ISMS information security management system policy document;

Risk procedures;

Declaration of applicability;

Risk handling procedures;

Document control program;

Record control procedures;

Internal audit procedures;

Management review procedure;

Corrective measures and preventive measures procedures;

Procedures for measuring the effectiveness of control measures;

Function role allocation table;

File structure and list of the whole system.

6) A description of the comparison between the application organization system documents and those required by GB/T 22080-2016/ISO/IEC 27001:2013;

7) Information security risk certification materials, internal audit and management review certification materials of the applicant;

8) Statement on confidentiality or sensitivity of the records of the applicant institution;

9) Other supplementary information required by the certification body from the applicant.

Benefits of ISO 27001 certification:

Enhance customers' trust in and satisfaction with the company's products and services.

Demonstrate the safety of the company's services and greatly enhance its competitiveness in the industry.

Aligning with and establishing international information security standards is conducive to developing cooperation and exchanges with other enterprises around the world.

Significantly improve IT information security management norms within the enterprise, and enhance employees' awareness of information security service and IT management.

Enhance the company's brand image, move closer to customer needs, and provide customers with reliable IT services.