ISO27001 Information Security Management System       

Nowadays the application of information is gradually common, thus information assets become an increasingly precious asset for an enterprise. As an important asset of an organization, information needs to be properly protected. However, with the rapid development of information technology, especially with the appearance of Internet and online transaction, many information security problems have appeared such as system paralysis, hacking, virus infection, rewriting of the web page, the loss of the customer's information and the disclosure of the company's internal data. The information assets naturally become the object of the contenders and the saboteurs. In addition to external threats, internal application deviations also pose a hidden danger to information consistency, accuracy and operational efficiency, which have seriously affected the management and survival of the organization and even the national security. The damage caused by security problems is far greater than the account loss of the transaction. Therefore, current enterprises need to find the way to fully prevent the damage and leakage of information urgently when enjoying the speed and convenience brought by modern information system.

As the saying goes, "30% technology, 70% management", modern communication, computer and network technology are widely used to construct the information system of the organization. However, most top management in most organizations are not aware of the seriousness of threats to information assets, lack of a clear information security policy, a complete information security management system and corresponding management measures, for example, the system operation, maintenance, development and other posts are not clear, the responsibilities are not divided, and one person holds several posts simultaneously. These are all important reasons for information security events. The lack of systematic management is also an important issue. Therefore, we need a systematic and overall planning of information security management system to ensure the security and normal operation of the organization's information systems and businesses from the perspective of prevention and control.

ISO27001 is a ISMS system implementation standard, and it can be used to audit and certificated the information security management system of organizations, so as to ensure that organizations can get rid of the damage of information security. The ISO27001:2013 standard is a set of specifications for establishing the information security management system (ISMS). It specifies the requirements for establishing, implementing and maintaining the information security management system, and points out the risk assessment criteria that the implementing agencies should follow. As a set of management standards, ISO27001 guides related personnel to apply ISMS, and its ultimate goal is to establish an information security management system suitable for business demands.

The information security management standard has been officially approved by many countries, and it is a representative standard of information security management system in the world. Information security management is necessary for every enterprise or organization, so the certification of information security management system is universal, and is not restricted by region, industry category and company size.