Experts explain the difference between ISO certification and ISO compliance
Published: 2011-11-23 18:51

Q: What do "ISO certified" and "ISO compliant" each mean? What type of report needs to be issued to show that a company has passed ISO 27002 certification, or that it meets ISO 27002 compliance requirements?
A: First, the predecessor of the ISO 27002 standard was a set of guidelines published by the UK government, which later evolved into a BSI standard (BS7799) and then into an ISO standard (ISO 17799). ISO/IEC 27001 is the standard used to verify that an organization meets the requirements, whereas ISO/IEC 17799, since renamed ISO/IEC 27002, is in fact the appropriate set of best practices.
A company that is ISO 27001 "certified" has to go through the registration process required by an accreditation body, with the report provided by a registrar. This is a long, time-consuming process, and it is limited to select companies. Being ISO 27001 "compliant", by contrast, can mean many things: for example, a CPA firm issuing an AUP (Agreed Upon Procedures) report stating that your company is ISO compliant, or a seasoned ISO auditor coming into your organization to help you meet all the relevant ISO requirements and thereby achieve ISO compliance.
Finally, an ISO certificate from an accredited registrar can also indicate that you are ISO compliant. Being certified and being compliant may be the same thing, but they may also be two entirely different things. It depends on your needs, your customers' requirements and other ancillary issues. Put that way, it may seem even harder to tell what ISO certification and ISO compliance really stand for. In short, just remember that genuine ISO certification can only come from an accredited registrar, whereas ISO compliance can be demonstrated by any of a number of measures.