ISO27001认证 信息安全目标的制定

Establishment of information security objectives for ISO27001 certification

使已识别的信息资产满足信息安全的各项要求，包括法律法规、客户与相关方和组织业务要求。具体目标包括：

Make the identified information assets meet the requirements of information security, including laws and regulations, customer and related parties and organization business requirements. Specific objectives include:

1、信息泄露事件为零

1. Zero information leakage

2、引起组织主要业务中断时间累计不能超过2h/年

2. The cumulative time of main business interruption caused by the organization shall not exceed 2 h / year

3、引起组织主要业务中断事件发生次数小于1次/年

3. The number of major business interruption events of the organization is less than 1 time / year

4、严重影响网络与信息系统可用性的事件小于1次/年

4. The events that seriously affect the availability of network and information system are less than once a year

5、信息安全事件发生时，以损失最小化、恢复时间最短化、避免再次发生为目标。

5. When an information security event occurs, the goal is to minimize the loss, minimize the recovery time, and avoid recurrence.

ISO27001 ISO27001认证 ISO27000 ISO27000认证 信息安全管理体系 信息安全管理体系认证 认证证书 认证公司 认证机构 认证咨询公司

ISO27001 ISO27001 certification ISO27000 ISO27000 certification information security management system information security management system certification certificate certification company certification authority certification consulting company