Content

Information security is one of the most important factor in choosing a technology partner. Choosing the wrong partner can lead to data leaks, cyber attacks and many other serious consequences. ISO 27001 certification is an international standard for information security recognized by prestigious organizations around the world.

1. What is ISO 27001:2013?

ISO 27001:2013 is an international standard for information security management issued by the International Organization for Standardization (ISO) and the International Engineering Commission (IEC). ISO 27001:2013 describes the requirements necessary for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS).

iso 27001

ISO 27001 was first published in 2005 and updated in 2013 to make it more complete. The latest version of ISO/IEC 27001:2013 includes enhancements such as: expanding the scope to include new threats, clarifying the responsibilities of senior management, completing the definition of ISMS and guiding more specific guidance for implementing organizations.

2. Structure of ISO 27001

The structure of ISO 27001 includes 14 parts with 114 control clauses and one annex.

The 14 main parts of the standard include:

Scope
Terms and definitions
Background of the organization
Understanding of the organization and its context
Leader
Plan
Support
Operate
Evaluation of activities
Cải tiến
Terms and definitions (Appendix A)

Appendix A provides a list of 114 recommended information security controls in 35 groups. These measures are divided into 14 control provisions, corresponding to the 14 main parts of the standard.

cau truc cua iso 27001

3. Why should customers prioritize technology partners with ISO 27001 certification?

Enhanced Information Security Capabilities:

Companies holding ISO 27001 certification showcase adherence to the highest standards in cybersecurity and information security. This certification ensures robust protection for IT systems and customer data.

Risk Mitigation and Cost-Efficiency:

Engaging with an ISO 27001-certified partner minimizes the risk of data loss or unauthorized information disclosure, consequently reducing troubleshooting costs and ensuring uninterrupted business operations. Adhering to the ISO 27001 standard can lead to a 70% reduction in cybersecurity risks.

Reliability in IT Project Partnerships:

ISO 27001 certification serves as a testament to a technology partner’s robust cybersecurity management capabilities and compliance with stringent laws and regulations. . This instills confidence in customers, fostering a sense of security when collaborating and entrusting IT projects to such partners
In addition to ISO 27001, certifications such as CMMI Level 3 in quality management are crucial benchmarks for evaluating the capabilities of technology partners. Achieving these certifications not only bolsters reputation but also confirms the ability to deliver IT products and solutions that align with customer requirements.

lua chon doi tac dat chung chi iso 27001

4. Steps to achieve ISO 27001:2013 certification

Step	Name
Step 1	Building an Information Security Management System (ISMS) Establishing a project board Determining scope and policies Risk analysis Developing documents
Step 2	Implement and operate ISMS Awareness training Implement control measures System monitoring and improvement
Step 3	Evaluate readiness and remediate findings
Step 4	External certification assessment Select certification body Conduct 2-phase assessment Process findings
Step 5	ISO 27001 certification

5. Evotek – IT partner with ISO 27001:2013 certification

Evotek là một trong những đối tác CNTT tại Việt Nam đạt chứng nhận ISO 27001. Việc áp dụng các quy trình an toàn thông tin nghiêm ngặt giúp Evotek bảo vệ hệ thống thông tin cho hơn 600 khách hàng, trong đó có nhiều ngân hàng, tập đoàn và công ty hàng đầu.

evotek doi tac cntt dat chung chi iso 270012013