In the information technology era, information has not only become readily available but also very “compromised”. This applies in particular to confidential information. Today, when almost all business, from manufacturing organizations to banks, is performed through specialized information systems, information security becomes very important. In a very fierce competitive battle, information security is necessary because there are threats from various sources. These sources can be internal, external and incidental, and more and more often threats arise from the misuse of new powerful technologies.
Many companies began to be aware of importance of information security. Besides, they reinforce internal security and control of vendors’ performance. They hired external party to audit the effectiveness of vendor’s security control or request vendor to fill third party information security questionnaire for self-assessment. Those companies may request Vendor a SOC type II audit report or ISO 27001 Certification. The vendors will consider to get ISO 27001 Certification as one of popular solutions. A copy of ISO 27001 Certificate help the vendor to explain more.
ISO 27001 is an international standard for the protection and security of information. It provides the framework that is necessary in order to create a secure system. This information security management system will provide a systematic approach to identify and combat the full range of potential risks to which an organization’s information is exposed.
ISO 27001 Annex showed the management of security controls in 14 domains such as: security policy, organization security, control and classification of sources, personnel security, material and environmental security, operational management and communication, control access, developing and maintain various systems, and managing business continuity.
分享在 facebook
分享在 whatsapp
分享在 linkedin
分享在 twitter
