1. Introduction to ISO27001

　　ISO27001 is an international standard for information security management. Originally from the British standard BS7799, after ten years of continuous revision, it was finally transformed into a formal international standard by the International Organization for Standardization (ISO) in 2005 and released as ISO/IEC 27001:2005 on October 15, 2005. This standard can be used for the establishment and implementation of the information security management system of the organization to ensure the information security of the organization. PDCA process method is adopted to improve the safety management of the organization in an all-round and systematic way based on the risk management concept of risk assessment. For modern enterprises, it is a challenge and an opportunity to transform IT departments previously considered as cost centers into active value-added service providers, and to promote this opportunity to become a reality.

　　2. Requirements for Acquisition of Certification

　　They should have corresponding qualifications (such as business license, organization code, relevant national administrative approval qualification or industry qualification), relevant facilities and resources, and be able to carry out normal business activities. It can provide record of business activities for more than three months.

　　3. Procedures for obtaining certification

　　The process of obtaining certification is usually divided into two stages.

　　Certification Consulting Stage: After the signing of the contract, our company will send consultant teachers to the enterprise to conduct research, determine the intention of the enterprise's certification, help the enterprise to determine the organizational structure and the division of responsibilities and powers, the coverage of the system, compile and improve the system documents needed for certification, train the personnel of the enterprise, Guide the enterprise to operate according to the requirements of the system documents, and help the enterprise. Application for certification.

　　Authentication and Audit Stage: The auditors sent by the certification bodies will check the activities of enterprises applying for the scope of certification according to the certification standards and enterprise system documents. The emphasis is to verify the situation of enterprises and compile the certification documents and records, and report to the certification bodies for certification at the end of the inspection.

　　4. Benefits of Acquiring Certification

　　ISO27001

　　1. Ensuring sustainability and capability of operations by defining, assessing and controlling risks

　　2. Reducing liability for contract violations and direct violations of laws and regulations

　　3. Improving the Competitiveness and Image of Enterprises by Complying with International Standards

　　4. Define clearly the internal and external information interface objectives of all organizations: Beware of misuse and loss of data

　　5. Establishing guidelines for the use of safety tools

　　6. Beware of the loss of technical know-how

　　7. Enhancing Safety Awareness within the Organization

　　8. Evidence for Public Accounting Audit