The predecessor of ISO/IEC 27001, the practical rules for information security management, is the British BS7799 standard, which was proposed by the British Standards Institute (BSI) in February 1995 and revised in May 1995. BSI revised the standard again in 1999. BS7799 is divided into two parts:
BS7799-1, information security management implementation rules;
BS7799-2, information security management system specification.
The first part gives suggestions on information security management for the personnel responsible for starting, implementing or maintaining security in their organization; the second part describes the requirements for the establishment, implementation and documentation of an information security management system (ISMS), and specifies the requirements for security controls according to the needs of independent organizations.
ISO27001 certification benefits
1. Meet the requirements of laws and regulations
Obtaining the certificate can show the authorities that the organization has complied with all applicable laws and regulations, so as to protect the information system security, intellectual property rights and trade secrets of enterprises and interested parties.
2. Maintain the reputation, brand and customer trust of the enterprise
Obtaining the certificate can strengthen the information security awareness of employees, standardize the organization's information security behavior, and reduce unnecessary losses caused by human factors.
3. Fulfill the responsibility of information security management
The acquisition of the certificate itself can prove that the organization has made effective efforts in security protection at all levels, indicating that the management has fulfilled relevant responsibilities.
4. Enhance employees' awareness, sense of responsibility and relevant skills
Obtaining the certificate can strengthen the information security awareness of employees, standardize the organization's information security behavior, and reduce unnecessary losses caused by human factors.
5. Maintain sustainable business development and competitive advantage
The establishment of a comprehensive information security management system means that the information assets on which the organization's core business depends have been properly protected, and an effective business continuity planning framework has been established to enhance the organization's core competitiveness.
6. Realize risk management
It helps to better understand the information system, find out the existing problems and protection methods, ensure that the organization's own information assets can be properly protected under a reasonable and complete framework, and ensure the orderly and stable operation of the information environment.
7. Loss and cost reduction
The implementation of ISMS can reduce the losses to the organization caused by potential security incidents, ensure the continuous development of business and minimize the losses when the information system is invaded.