1. The ISO27001 is introduced

　　ISO27001 is the international standard for information security management. Originally from the British standard includes, after 10 years of constant revision and finally in 2005 by the international organization for standardization (ISO) into a formal international standards, released on October 15, 2005 for the ISO/IEC 27001:2005. This standard can be used in the organization's information security management system, the establishment and implementation of the organization's information security, the PDCA process method is used, based on risk assessment of the risk management idea, through continuous improvement of the organization's safety management systematically. For modern enterprises, is considered a cost center of the IT department will ever into positive value added service provider, is a challenge, and opportunities, and promote the opportunity to become a reality.

　　2. Obtain certification should have the condition

　　Should have the corresponding qualifications, (such as business license, organization code, relevant state administrative examination and approval of qualification or trade qualification), have the relevant facilities and resources, can operate normally. Can provide more than three months of business activities.

　　3. The certification program

　　Usually the certification program is divided into two phases,

　　Certification consultation stage: after the signing of the contract, our company will send consulting the teacher to the research of the enterprise, to determine the enterprise certification intent, help enterprises to determine the organization and responsibilities purview division, system coverage, and the establishment and perfect the system of certification required documents, to the enterprise staff related to training, and guide enterprises to run according to the requirement of the system documents, and help enterprises to carry out certification application.

　　Certification audit stage: auditors sent by certification bodies, to the enterprise according to the regulations of the certification standards and enterprise system documents of enterprise activities the certification scope of inspection, the key is to verify the situation of the enterprise and prepare the certification documents and records, inspection certificate report end certification institutions.

　　4. The benefit of the certification

　　ISO27001

　　1, by definition, evaluation and control risk, to ensure business continuity and ability

　　2, reduce due to contract violation and responsibility caused by directly violate the law regulations

　　3, improve the enterprise's competition ability through comply with international standards, to promote the enterprise image

　　4, clearly define all the organization's internal and external information interface goal: to guard against misuse and loss of data

　　5, establish security tools use policy

　　6, guard against the loss of know-how

　　7, within the organization to enhance safety awareness

　　Eight, can be used as a public accountant audit evidence