
ISO27001, the standard of information security

Publish Time: 2009-05-21 Source: unknown Publisher: duan

 

--- Why did Novots need to get ISO27001 certification?
 
When Manager A faces the customer, the customer asks: "How can you guarantee my information's safety? How can you ensure that the company won't disclose my information to a third party?"
Manager B has solved all of the customer's problems, and only a tiny step remains before the cooperation is achieved; then project managers run into this question: "Next month is the deadline. The original schedule is tight, and a damn virus has deleted all of my last week's data. What should I do?"
Manager C says helplessly: "Another key employee has left, and how much information about the company will be spread around!"
This is the helplessness of a software company. This kind of problem is also a common occurrence in many other enterprises, and Novots was once one of them. As the saying goes, "three parts technology, seven parts management". Nowadays, enterprises generally adopt modern communication, computer and network technology to build their information systems.
But most enterprises lack an understanding of how seriously information assets must be treated, lack a specific information security policy and a complete information security management system, and do not have the corresponding management measures fully in place. All of this has led to many information security incidents: system paralysis, virus infection, even the loss of customer information, as well as leakage of the company's internal data, all of which have seriously affected the survival, security and management of the enterprise.
Enterprise informatization brings efficiency and lasting competitiveness, but it also brings more risk. To deal with the bad results that this risk can cause, enterprise managers attach more and more importance to information security. In the early days, people relied on the technical level, thinking that all security problems could be solved by technical controls. However, after purchasing a great deal of security equipment and deploying security technology, enterprises are still in the shadow of information security problems.
In fact, the selection and application of security technology and products is just a means of meeting security needs. Information security has a broader scope: making a complete security strategy, determining needs through risk assessment, choosing security technology and products according to those needs, and implementing, maintaining and examining the security control measures according to the established security policy, process rules and standards. Gartner once pointed out in a security report: "All kinds of safety violations which caused great enterprise cost are in the end caused by people, and develop into physical security and personnel mistakes. IT security departments tried to use technology and methods to solve these problems, but it won't work." Ultimately, information security is not a technical process but a management process. Information security management provides management procedures, technology and assurance measures to convince business managers of the credibility of commercial transactions; to ensure that information technology services are available, can properly resist improper operation, deliberate attack or natural disasters, and can recover from these faults; and to ensure that important confidential information is not accessed without authorization. There are not so many information security management standards and specifications, and the most representative one is the ISO27001 standard.
The ISO27001 standard was set by the British Standards association with a focus on information security management, and originally derives from the British standard BS7799. After 10 years of continuous revision, it was finally issued by the international organization as a formal international standard in 2005. Organizations use it to establish an information security management system, to ensure the security of information by using the relevant specified methods, and to improve their security management comprehensively and continually, based on the management idea of risk assessment. It is the world's only information security management standard, and it has been adopted by over five thousand government agencies and well-known enterprises.
Whether or not you are ISO27001 certified has now become one of the requirements of clients. Many governmental institutions, banks, securities firms, insurers, telecommunication operators, network companies and multinational companies have adopted the standard in managing their information security systems.
This standard pays attention to the integrity of the system, emphasizes conformity with laws and regulations, and is highly compatible with the ISO9000 standard.
Novots passed ISO27001 system certification for the first time in January 2007, and passed the review in March 2009. Through the construction and implementation of the ISO27001 system, Novots has set up a comprehensive information security management system and organizational guarantee system, and has the ability to control information security risk.
With the help of the ISO27001 system, the sustainable operation of Novots' core business can be guaranteed, and all security-related activities have clear goals and operating guidance. As Novots' understanding of the ISO27001 system deepens, the system will be fully applied to its business processes, making current business operations safer, raising the security of the company's own and its customers' information assets, further strengthening the protection of customers' intellectual property rights and commercial secrets, and improving the level of customer information security.
In addition, passing ISO27001 standard certification this year further strengthens employees' information security awareness and standardizes the organization's information security behavior. When the information system is attacked, the company can still ensure that business continues and that losses are kept to a minimum.

 

 

 

(Edit:zl)