ISO27001信息安全体系认证体系运行及改进
发布时间: 2016-03-10 18:32 点击:
And the improvement of ISO27001 information security system certification system
信息安全管理体系文件编制完成以后,由公司企划部门组织按照文件的控制要求进行审核。
After the completion of the preparation of information security management system, by the planning departments in accordance with the document control requirements for audit.
结合公司实际,在体系文件编制阶段,将该标准与公司的现有其他体系,如质量、环境保护等体系文件,改归并的归并。
Combined with the practice, in the system documentation, the standard and the company's existing other system, such as quality, environmental protection and other system files, merge to merge.
该修订审核的再继续修订审核。
The revised audit re revised audit.
最终历经几个月的努力,批准并发布实施了信息安全管理系统的文档发布。
After several months of hard work, the approval and release of the implementation of the information security management system documentation.
至此,信息安全管理体系将进入运行阶段。
At this point, the information security management system will enter the operational phase.
信息系统的成功靠的是“三分技术,七分管理,十二分执行”。“执行”是要需要在实践中去体会、总结与提高。
Information systems rely on the success of the three sub technology, seven points management, twelve points". "Execution" is to need to experience, summarize and improve in practice.
对于信息系统安全管理体系建设更是如此!在此期间,以IT部门牵头,加强宣传力度,组织了若干次不同层面的宣导培训,充分发挥体系本身的各项功能,及时发现存在的问题,找出问题根源,采取纠正措施,并按照更改控制程序要求对体系予以更改,以达到进一步完善信息安全管理体系的目的。
For the construction of information system security management system is even more so! During this period, the IT department to take the lead, strengthen propaganda, organized several different levels of advocacy training, and give full play to the function of the system itself, timely detection of problems, find the root of the problem, to take corrective measures, and in accordance with the change control procedure of the system to be changed, to further improve the information security management system.