银行ISO27000认证标准推行的重点
Bank ISO27000 certification standards to carry out key
ISO27000信息安全管理体系文件编制完成以后，组织应按照ISO27000文件的控制要求进行审核与批准，并发布实施，至此，ISO27000信息安全管理体系将进入运行阶段。
ISO27000 information security management system documentation is completed, the organization shall in accordance with the ISO27000 document control requirements for review and approval, and implemented, thus, ISO27000 information security management system to the operational stage.
ISO27000体系运行初期一般称为试运行期或磨合期，在此期间体系运行的 目的是要在实践中检验体系的充分性、适用性和有效性。
The ISO27000 system at the initial stage of operation is generally referred to as the trial run period or run-in period, during which the system is designed to test in practice system adequacy, applicability and effectiveness.
在ISO27000体系运行初期，组织应加强运作力度，通过实施其手册、程序和各种作业指导性文件等一系列体系文件，充分发挥体系本身的各项功能，及时发现体系策划本身存在的问题，找出问题根源，采取纠正措施， 纠正各种不符合，并按照更改控制程序要求对体系予以更改，以达到进一步完善信息安全管理体系的目的。
In the ISO27000 system the initial run, the organization should strengthen operational strength, through the implementation of the manual, procedures and work instruction documents such as a series of system files, give full play to the function of the system itself, the timely discovery system planning problems, find the root of the problem, to take corrective measures, correct all do not meet, and according to the change control program requirements for system to change, so as to further improve the information security management system of.
　　有针对性地宣贯ISO27000信息安全管理体系文件。
To follow the ISO27000 information security management system.
　　ISO27000体系文件的培训工作是体系运行的首要任务，培训工作的质量直接影响体系运行的结 果。
Documents ISO27000 system training work is the system operation of the primary task, training work directly influences the quality of system running knot fruit.
组织应根据培训工作计划的安排并按照培训程序的要求对全体员工实施培训。
The organization shall according to the training plan according to the training program for staff training.
通过培训使全体员工认识到新建立或完善的信息安全管理体系是对过去ISO27000信息安全管理体系的变革，是为了向国际先进的信息安全管理标准接轨，要适应这种变革和新管理体系的运行， 就必须认真学习、贯彻信息安全管理体系文件。
Through training so that all employees to recognize the new build or improve the information security management system is used ISO27000 on the information security management system reform, to the advanced international information security management standards, to adapt to this change and new management system, must learn seriously, carry out the information security management system.
　　实践是检验真理的唯一标准。
Practice is the sole criterion for testing truth.
　　ISO27000体系文件通过试运行 必然会出现一些问题，全体员工应将实践中出现的问题和改进意见如实反馈给有关部门，以便采取纠正措施。
Documents ISO27000 system through the test run will appear a few problems, all staff should be the practical problems and improvement advice feedback to the relevant departments, so that corrective measures.
　　将ISO27000体系 试运行中暴露出的问题，如体系设计不周、项目不全等进行协调、改进。
The ISO27000 system in trial operation exposed the problem, such as system design week, not congruent coordinate, improvement project.
　　ISO27000信息安全管理体系的运行涉及组织体系范围 的各个部门，在运行过程中，各项活动往往不可避免的发生偏离标准的现象，因此，组织应按照严密、协调、高效、精简、统一的原则，建立信息反馈与信息安全协调机制对异常信息反馈和处理，对出现的问题加以改进，并保证体系的持续正常运行。
ISO27000 information security management system involving the organization system of the various departments, in the operation process, the activity is often unavoidable deviations from the standard phenomenon, therefore, should be in accordance with strict organization, harmonious, efficient, streamlined, unified principle, the establishment of information feedback and information security coordination mechanism of abnormal feedback and processing, to problems to be improved, and guarantee system to continue normal operation.
　 　加强有ISO27000关体系运行信息的管理，不仅是信息安全管理体系试运行本身的需要，也是保证试运行成功的关键。
Strengthen the ISO27000 control system operation information management, not only is an information security management system running their own needs, but also guarantee the successful trial run key.