ISO/IEC 27001 Certification
I. INTRODUCTION TO ISO/IEC 27001
1- ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
2- Implementing an information security management system will provide your organisation with a system that will help to eliminate or minimise the risk of a security breach that could have legal or business continuity implications.
3- Achieving ISO/IEC 27001:2013 certification shows that a business has:
- Protected information from getting into unauthorised hands
- Ensured information is accurate and can only be modified by authorised users
- Assessed the risks and mitigated the impact of a breach
- Been independently assessed to an international standard based on industry best practices
II. CERTIFICATION PROCESS
1- Application for certification: the applicant completes the registration form and sends it to GIC Vietnam, enclosed with the documents required for the specific certification.
2- Audit program and auditor assignment: the audit program clearly identifies the audit activities required to demonstrate that the system fulfils the requirements for certification. The audit team is chosen taking into account the competence needed to achieve the objectives of the audit and the requirements for impartiality; technical experts are included when necessary.
3- The certification process shall be conducted in two stages. Stage 1: review the documented information, conditions, scope and readiness for stage 2 assessment. Stage 2: evaluate the implementation and effectiveness of the system. This process includes Opening meeting > On-site audits > Preparing audit conclusions > Closing meeting.
4- Audit report and corrective actions: The client is required to take corrective actions to eliminate detected nonconformities within a defined time.
5- Review and certification decision: The Certification Council reviews the submitted audit documents to decide whether to grant or refuse certification. The certification is valid for 3 years with the requirement of surveillance activities.
III. BENEFITS OF GIC CERTIFICATION
- GIC is internationally recognized for its certification with the accreditation mark of CPSC (USA), UKAS (UK), JAS-ANZ (Australia-New Zealand), SAAS (SAI), VICAS (Vietnam), SAC (Singapore), CNAS (China) etc. GIC's certification is recognized by the International Accreditation Forum (IAF) and the Asia-Pacific Accreditation Cooperation (APAC).
- GIC Vietnam provides certification services conforming to European and North American standards with the most appropriate certification fee in Việt Nam.
Should you request ISO/IEC 27001 certification, please contact:
GIC VIỆT NAM
12F, 14 Láng Hạ Building, Ba Đình District, Hà Nội
Tel: 024.6275 2268, Fax: 024.6275 2269, Email: tuandm@gicvn.vn
Office at Hồ Chí Minh City: R502, 160 Nam Kỳ Khởi Nghĩa, Tel: 028.39307936