ISO27001 Certification: Steps for Introducing and Certifying an ISO27001 Information Security Management System
Published: 2014-12-21 17:05
The overall process runs from strategy determination, through current-state assessment and gap analysis, to system design and establishment, then implementation and operational release of the system, followed by internal audit and improvement, and finally certification.
In particular, ISO27001 information security management system certification is subject to a surveillance audit every year and re-certification every three years.
The standards and regulatory requirements referenced above vary from industry to industry. The financial industry's regulatory requirements are particularly extensive and strict, and they must be interpreted and mapped against the standard.
Where standards and requirements conflict, regulatory requirements and local standards take precedence.
For example, financial regulatory requirements should take priority over the requirements of ISO standards; the Internet industry values agility, simplicity and speed, so its practices need to be reconciled with the ISO standards through discussion and agreement.