ISO27000 certification preparation

Source: YueFei Business consulting     Date: 2023/8/10 9:04:27

First, set up a leadership team

- Information security management board:

To establish the strategy for the information security management system;

To be responsible for the establishment of information security guidelines and objectives;

To be responsible for assigning information security roles and responsibilities;

To be responsible for the approval of the structure of the company's information security organization;

To be responsible for the appointment of the management representative of the information security management system;

To ensure the implementation of internal audit of the information security management system;

To conduct management review of the information security management system regularly;

To ensure the implementation of the company's information security education;

To decide on the risk acceptance criteria and the acceptable levels of risk;

- Management representative (deputy director of the deputy general/commission):

To supervise the implementation of the information security management system and report to the top management regularly;

To communicate the importance of achieving information security goals, compliance with the information security strategy, legal responsibility, and continuous improvement;

To be responsible for the approval of the internal auditors of the information security management system;

To be responsible for the examination and approval of the application documents, including the approval of amendments;

To confirm the contents of the information security management manual and to be responsible for the supervision of later work;

To review and approve internal audit plans, to supervise the internal audit of information security, and to approve internal audit reports;

To be responsible for reviewing the management review plan and the management review report, and to supervise the implementation of the management review measures;

To be responsible for organizing and confirming company information security education;

- Information security enforcement representative:

To implement the various policy requirements and control measures within the scope of implementation of the information security management group;

To be responsible for the daily work of information security in the department, and for improving the information security awareness of personnel in the department;

To conduct risk assessment on the information assets of the department, to discuss the acceptable standards of risk according to the company's actual situation, and to dispose of the risks that are not acceptable;

To be responsible for the emergency handling of information security incidents in the department;

- Information security panel:

To be responsible for the supervision and inspection of the implementation and operation of the information security management system in the various departments;

To be responsible for the specific work of internal audit and external audit;

To be responsible for the review of the information security management system documents, and to put forward comments on the documents;

To plan and implement the measures for effectiveness measurement;

- Departments:

To be responsible for collecting the information security regulations and other requirements relevant to the department and reporting them to the information security committee in a timely manner, for communicating them within the department, and for carrying out and implementing the regulations and other requirements relevant to the department;

To promote the requirements of the company's information security management system and improve the information security awareness of the staff in the department;

To carry out the work of the department in accordance with the requirements of the information security system;

To be responsible for working with the information security committee after an information security incident, and to assist in the formulation and implementation of the measures;

To assist the information security audit team in internal review and external review;

To conduct effective management of information assets, ensure the confidentiality of information, maintain the integrity and availability of information, and prevent unauthorized access to information;

To be responsible for the reception, compilation, modification and preservation of information security management system documents and records in the department;

To deal with the issues related to information security in the department and to submit information security requirements and suggestions to the information security committee;

To actively publicize the company's information security goals and guidelines in contacts with third parties or external parties;

To ensure the security of information when communicating with third parties or the outside world;

Define the role and responsibilities of each functional position

III. Cost: system certification fees are determined based on the number of personnel responsible for information in the enterprise. Yuefei Company's quotation is relatively favorable, and supervision services are generally free of charge;

Editor in charge:Shanghai Yue Fei Enterprise Management Consulting Co., Ltd.
Copyright:http://www.yf-iso.com/ Please indicate the source of the reprint
