The qualification conditions for the ccrc information security service certification are divided into eight main items: the security integration service is primarily assessed based on basic qualifications, service management capabilities, and technical capabilities; the security operation and maintenance service qualification is mainly evaluated on the basic qualifications, management capabilities, technical abilities, and process capabilities of the security operation and maintenance service provider; the risk assessment service qualification is primarily assessed on the capabilities of service personnel, mainly based on their knowledge and experience in risk assessment services; etc.
The conditions for each item of the ccrc information security service qualification certification are:
1. Information System Security Integration Service Qualification Certification
Information System Security Integration Service Qualification Levels are a measure of the service provider's service capabilities. The qualification levels are divided into three grades: Level 1, Level 2, and Level 3, with Level 1 being the highest and Level 3 the lowest. The service capabilities of a security integration service provider are primarily reflected in the following four aspects: basic qualifications, service management capabilities, service technical capabilities, and service process capabilities; the capabilities of service personnel are mainly assessed based on their knowledge and experience in security integration services.
2. Security Operation and Maintenance Service Qualification Certification
The Security Operation and Maintenance (SOM) Qualification Certification evaluates the basic qualifications, management capabilities, technical abilities, and process capabilities of the SOM service provider. The SOM service qualification level serves as a measure for the qualifications and capabilities of the service provider. The qualification levels are categorized into three grades: Level 1, Level 2, and Level 3, with Level 1 being the highest and Level 3 being the lowest.
3. Risk Assessment Service Qualification Certification
The Information Security Risk Assessment Service Qualification Level is a measure of the service provider's service capabilities. The service capabilities of risk assessment service providers are primarily reflected in the following four aspects: basic qualifications, service management capabilities, service technical capabilities, and service process capabilities; the capabilities of service personnel are primarily evaluated comprehensively based on the knowledge they possess and their experience in risk assessment services. The background review of service providers mainly refers to customer complaints and violations of laws and disciplines; the background review of service personnel mainly refers to the necessary review of personnel engaged in risk assessment services by the competent authorities in the industry or the employing units.
Qualification levels are divided into three grades: Level 1, Level 2, and Level 3, with Level 1 being the highest and Level 3 the lowest.
4. Emergency Response Service Certification
Information Security Emergency Response Service Qualification Certification evaluates the basic qualifications, management capabilities, technical capabilities, and process capabilities of emergency response service providers. The Information Security Emergency Response Service Qualification levels serve as a measure for assessing the qualifications and capabilities of service providers in emergency response services. The emergency response service qualifications are divided into three tiers, with Level 1 being the highest and Level 3 being the lowest.
5. Software Security Development Service Qualification Certification
Software Security Development Qualification Certification evaluates the basic qualifications, management capabilities, technical abilities, and software security process capabilities of software development parties. The level of security software development service qualification is a measure of the service provider's qualification and ability in software security development services.
6. Information System Disaster Backup and Recovery Service Qualification Certification
The qualification level for information system disaster backup and recovery service measures the service provider's service capability. The qualification levels are divided into three grades: Level 1, Level 2, and Level 3, with Level 1 being the highest and Level 3 being the lowest.
7. Industrial Control Security Service Qualification Certification
Industrial Control Systems Security Service Qualification Certification evaluates the basic qualifications, management capabilities, technical capabilities, and process capabilities of industrial control systems security service providers. The Industrial Control Systems Security Qualification level serves as a measure for assessing the qualifications and capabilities of service providers in industrial control systems security. The security qualification levels for industrial control systems are categorized into three levels: Level 1, Level 2, and Level 3, with Level 1 being the highest and Level 3 being the lowest.
8. Cybersecurity Audit Service Qualification Certification
Cybersecurity Audit Service Qualification Certification evaluates the basic qualifications, management capabilities, technical skills, and process capabilities of cybersecurity audit service providers. The cybersecurity audit service qualification levels serve as a measure for assessing the qualifications and capabilities of service providers in delivering cybersecurity audit services. The cybersecurity audit qualification levels are categorized into three tiers: Level 1, Level 2, and Level 3, with Level 1 being the highest and Level 3 being the lowest.
Certification significance of CCCR Information Security Service Qualification:
(1) It serves as the basis for the certification and recognition by a third-party authoritative institution of the company's capabilities.
(2) Serves as the basis for the buyer's selection, enhancing the buyer's trust in the service provider.
(3) Standardized management and technology to enhance customer satisfaction
(4) Expand the company's business scope to gain more business opportunities.
