
ISO 27001

ISO 27001 Information Security Management Systems


With information technology developing rapidly, an increasing number of enterprises and organizations rely on a wide array of application software to carry out routine work. To improve working efficiency and managerial performance, they set up various computer systems such as ERP, CRM, SCM, EIP, KM, BI, and LAN. Yet information systems constantly face risks and threats, from natural disasters like typhoons, earthquakes, and floods to human errors during operations, and from disruptions caused by disgruntled ex-employees to viruses or hacker attacks.

An information system, once damaged, usually takes considerable time and effort to restore. Imagine the following scenarios: your computer system is down for a whole week, the data stored in your computer is lost, or your competitor(s) have obtained your customer lists and business plans. How much will this cost you? Can your company bear such costs? In consideration of the consequences, one can see how important it is to set up a comprehensive information security management system (ISMS).

The International Organization for Standardization (ISO) in 2005 published ISO 27001:2005 as the global standard for ISMS. ISO 27001 is a set of standards against which organizations can be certified: companies can set up a management system according to their specific needs, and ask a certification body to carry out the certification audit. Through systematic controls, companies can reduce risks to their information security with regard to the following three dimensions:

  • Confidentiality ensures that information is accessible only to those authorized.
  • Integrity safeguards the accuracy and completeness of information and processing methods.
  • Availability ensures that authorized users have access to information and associated assets when required.

Enterprises and organizations can apply the PDCA model according to ISO 27001:2005, and set up appropriate controls with regard to ten areas, including security policies, security organizations, and physical and environmental security.

We at TÜV Rheinland aim to help enterprises and organizations apply ISO 27001:2005 more effectively through our value-added audit service.

How to Contact

Please contact us for more information about this service.
