Business of China Information Security Certification Center

Compulsory product certification

In December 2001, the General Administration of Quality Supervision, Inspection and Quarantine issued the Administrative Regulations on Compulsory Product Certification, which replaced the original import commodity safety and quality licensing system and the electrical product safety certification system with the compulsory product certification system. China's compulsory product certification is referred to as CCC certification or 3C certification. It is a statutory mandatory safety certification system, and it is also a basic practice widely adopted around the world to protect consumers' rights and interests and safeguard their personal and property safety. Within the product range of compulsory product certification, the designated certification institution for WLAN products and information security products is China Information Security Certification Center.

Information security management system

Virus damage, hacker attacks, system paralysis, employee error and malicious damage, commercial espionage and other information security problems have increasingly become important security risks that threaten the survival and development of organizations. The information security management system (ISMS) based on the latest international standard ISO/IEC 27001:2005 is an advanced information security solution and is being adopted by more and more organizations. It adopts the PDCA process method and 133 information security control measures to help organizations solve information security problems and achieve information security goals. ISMS certification is an effective means for organizations to prove that their information security level and ability meet the requirements of international standards. It helps the organization save information security costs, enhance the confidence and trust of customers, partners and other interested parties, and improve the organization's public image and competitiveness.

The ISO/IEC 27001 standard is applicable to all types of organizations (for example, commercial enterprises, government agencies, non-profit organizations). ISO/IEC 27001 puts forward requirements for the establishment, implementation, operation, monitoring, auditing, maintenance and improvement of a documented ISMS from the perspective of the overall business risk of the organization. It specifies the implementation requirements of security control measures customized to meet the needs of different organizations or their departments.

ISO/IEC 27001 certification can bring the following benefits to organizations:

1. Make the organization obtain the best information security operation mode;
2. Ensure the safety of the organization's business;
3. Reduce business risks and avoid organizational losses;
4. Maintain the core competitive advantage of the organization;
5. Provide credibility in the business activities of the organization;
6. Enhance organizational competitiveness;
7. Meet customer requirements;
8. Ensure the sustainable development of the organization's business;
9. Make the organization more in line with laws and regulations.

Service qualification certification

China Information Security Certification Center is an organization approved by CNCA to engage in information security service qualification certification (see the CNCA-R-2007-138 Certificate of Approval for details). In the Reply on Agreeing to China Information Security Certification Center to engage in the pilot work of qualification certification and training in information security service, the National Audit Letter [2007] 150 made it clear that the center is a pilot unit for carrying out qualification certification business in information security services. The center has also been recognized by the China National Accreditation Committee for Conformity Assessment, with the certificate No. CNASCO66-V.

Information security service qualification certification evaluates the security service qualification of institutions providing information security services, on the basis of national laws and regulations, national standards, industry standards and technical specifications, as well as basic certification norms and certification rules.

Certification standards: information security service qualification certification is based on national laws and regulations, national standards, industry standards and technical specifications. At present, China Information Security Certification Center carries out information security emergency handling qualification certification according to YD/T 1799-2008 "Qualification Evaluation Method for Network and Information Security Emergency Handling Services".

YD/T 1799-2008 "Qualification Evaluation Method for Network and Information Security Emergency Response Service" is based on the requirements of China's network and information security emergency response service management, takes into account the actual situation of domestic network and information security emergency response service providers, and refers to YD/T 1621-2007 "Qualification Evaluation Criteria for Network and Information Security Service".

Network and information security emergency service is one of the important means of ensuring business continuity. It covers a series of activities to maintain and restore key applications after security incidents. The qualification grade of a network and information security emergency handling service is a measure of the service provider's emergency handling service qualification and ability. Qualifications are graded into three levels, from the highest level to the lowest.

The qualification evaluation of network and information security emergency service is a concrete measure and evaluation of the qualification status, economic strength, technical ability and ability to implement the emergency service process of network and information security emergency service providers. This standard specifies the service qualification requirements for organizations that provide network and information security emergency response services to information system owners, and the methods for evaluating such organizations. It is applicable to third-party evaluation institutions evaluating the emergency response service qualification of these organizations. It can be used as the basis for information system owners to choose an emergency response service provider, as the technical specification for relevant competent departments to manage providers, as a reference for certification bodies to certify providers, and as a guide for providers to improve their own capabilities.

YD/T 1621-2007 "Network and Information Security Service Qualification Assessment Standard" stipulates the network and information security service qualification requirements for institutions providing network and information security services to telecom operators, and is applicable to the qualification assessment of such institutions. It can be used as a technical specification for the relevant national authorities to manage and inspect network and information security service institutions, and as a guide for institutions providing network and information security services to improve their own capabilities. This standard covers information security consulting services, information security engineering services, information security training services and information security operation support services.