United Registrar of Systems Ltd
ISO/IEC27001


ISO/IEC27001 is a standard specification for an Information Security Management System (ISMS). Information is critical to the operation and perhaps even the survival of each organization. Being certified to ISO/IEC27001 will help an organization to manage and protect valuable information assets.

ISO/IEC27001 is the only auditable international standard and is designed to ensure the selection of adequate and proportionate security controls. In addition to protecting an organization’s information assets, it can give confidence to any interested parties, especially customers. The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks. The standard specifies requirements for the implementation of security controls customized to the needs of individual organizations.

The standard was revised in 2005 and is based on the plan-do-check-act model, in common with ISO9001 and ISO14001. It uses risk assessment and business impact analysis to identify and manage risks to the confidentiality, integrity and availability of information.

The ISO/IEC27001 standard covers the following topics:

  Security policy - This provides management direction and support for information security
  Organization of assets and resources - To help you manage information security within the organization
  Asset classification and control - To help you identify your assets and appropriately protect them
  Personnel security - To reduce the risks of human error, theft, fraud or misuse of facilities
  Physical and environmental security - To prevent unauthorized access, damage and interference to business premises and information
  Communications and operations management - To ensure the correct and secure operation of information processing facilities
  Access control - To control access to information
  Systems development and maintenance - To ensure that security is built into information systems
  Business continuity management - To counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters
  Compliance - To avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations, and any security requirement


Who is it relevant to?

ISO/IEC27001 is suitable for a broad range of organizations, large or small, in most of the commercial and industrial market sectors. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors. ISO/IEC27001 is also highly effective for organizations which manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.


Benefits of ISO/IEC27001

Certification to ISO/IEC27001 is a powerful demonstration of an organization’s commitment to managing information security. It also helps create a systematic framework in which organizations drive continual improvement, providing a competitive advantage for your organization because:

  It certifies that your company complies with the industry’s best practices for security
  As a marketing commodity, it encourages trust among present and potential clients
  With compliance, better work practices and ethics in security are established
  It provides a framework for you to comply with regulatory/legislative requirements
  It enables you to demonstrate that your IT systems are safe and to make a public statement of capability without revealing your security processes or opening your systems to second party audits
  It helps your organization develop a business continuity plan, minimizing the impact of any security breaches

 



Contact Person : Tran Vinh Khang
Tel : +84 (08) 3930 1376 (Ext: 106) /  Fax : +84 (08) 3930 1349
Email : vinhkhang@urs.vn

Contact Person : Choi, Chun Seoung
Tel : +82 (02) 2636 9003 /  Mobile : +84 (0122) 809 3480 / +82 (10) 3709 9001
Email : cschoi112@gmail.com
 
6th floor, Estar Building, 147-149 Vo Van Tan, Ward 6, District 3, Ho Chi Minh City, Vietnam
Tel : 84(08) 3930-1376   |   Fax : 84(08) 3930-1349   |    Mail to : vietnam@urs.vn
COPYRIGHT(C) 2004 URS VIETNAM. ALL RIGHT RESERVED.