ISO/IEC 27001 Information Security Management System Certification Application Requirements:
1. Business License
2. The applicant has established an Information Security Management System and has operated it for more than 3 months.
3. At least one internal audit has been completed and a management review has been conducted.
4. No administrative penalties were imposed by the competent authorities during the operation of the Information Security Management System or within the year before the system was established.
5. A brief introduction of the applicant organization
6. The organization's system application documents must include, but are not limited to:
Information Security Management System (ISMS) Policy; Risk Assessment Procedure; Statement of Applicability; Risk Treatment Procedure; Document Control Procedure; Record Control Procedure; Internal Audit Procedure; Management Review Procedure; Corrective and Preventive Action Procedure; Procedure for Measuring the Effectiveness of Controls
7. The overall structure of the system documentation and other information security system documents
II. Factors determining the audit fee for ISO/IEC 27001 certification include:
1. Number of employees of the audited organization.
2. Volume of information within the audit scope.
3. Number of sites.
4. Connections with external parties.
5. Complexity of the organization's IT.
6. Organization type and nature of business.
Processing period: 2~3 months
Section 3: Steps for ISO/IEC 27001 Information Security Management System Certification:
1. Conduct training and define functional responsibilities
ISO/IEC 27001 basic training / advanced training / document writing skills training
2. Division of functions and system design
Develop the ISO/IEC 27001 information security management policy / assign primary responsibilities to the management representative / select the system standard and its elements
3. Write documents
List the documents / identify which existing documents are obsolete and which are to be retained / assign document writing tasks / prepare the documents / discuss the documents
4. Document approval and issue
5. Pilot operation
Introduce and explain the system documents, train and promote them to staff, carry out other supporting work, and conduct the trial operation.
The standard behind ISO/IEC 27001 Information Security Management System certification was first proposed by the British Standards Institution (BSI) in February 1995, revised in May 1995, and revised again by BSI in 1999. It is divided into two parts: BS 7799-1, the Code of Practice for Information Security Management, and BS 7799-2, the Specification for Information Security Management Systems.
The ISO/IEC 27001 Information Security Management System standard is designed to be compatible with other management system standards such as ISO 9000 and ISO 14001. Its numbering scheme and document management requirements were designed from the outset for this compatibility, so that an organization can build a management system that integrates with any management systems it already operates. Organizations therefore typically engage the same certification body that provides their ISO 9000 or other management system certification to provide ISO 27001 certification as well. For this reason, quality management experience is valuable throughout the establishment of the ISMS.
One point should be noted, however: an organization that has not previously established or used any form of management system is not thereby prevented from obtaining ISO/IEC 27001 Information Security Management System certification. In that case the organization should weigh the cost and benefit and choose a suitable certification body to provide certification services. The certification body must be accredited by a national accreditation body in order to provide certification services to the applicant organization and issue certificates.