Conditions and materials required for enterprises to apply for ISO27001 certification
Time: 2022-03-24

Basic conditions for applying for ISO27001 certification:


  1. Chinese enterprises hold the "Business License of Enterprise Legal Person", "Production License" or equivalent documents issued by the administrative department for industry and commerce; foreign enterprises hold the registration certificate of relevant institutions.


  2. The applicant's information security management system has been established in accordance with the requirements of the ISO/IEC 27001:2005 standard, and has been in operation for more than 3 months.


  3. At least one internal audit has been completed and a management review has been conducted.


  4. During the operation of the information security management system and within one year before the establishment of the system, the applicant has not been subject to any administrative penalty by the competent authority.


  Documents and materials that should be submitted when applying for ISO27001 certification:


  1. Organizational legal documents, such as the business license and a photocopy of the annual inspection certificate (with official seal);


  2. A copy of the organization code certificate and a copy of the tax registration certificate (with official seal);


  3. Documents proving the effective operation of the information security management system of the organization applying for certification (such as a copy of the system document release control table, records with time stamps, etc.);


  4. Introduction of the applicant organization:


   4.1. Organizational introduction (about 1000 words);


   4.2. The main business process of the applicant organization;


   4.3. Organization chart or functional description document;


  5. The system documents of the applicant organization shall include but are not limited to (can be combined):


   5.1. Information security management system (ISMS) policy document;


   5.2. Risk assessment procedures;


   5.3. Applicability Statement;


   5.4. Risk handling procedures;


   5.5. Document control procedures;


   5.6. Record control procedures;


   5.7. Internal audit procedures;


   5.8. Management review procedures;


   5.9. Corrective action and preventive action procedure;


   5.10. Procedures for measuring the effectiveness of control measures;


   5.11. Functional role assignment table;


   5.12. The overall system document structure and list.


  6. The applicant organization's system documents and the documents required by GB/T22080-2008/ISO/IEC 27001:2005;


  7. Evidence of the internal audit and management review of the applicant organization;


  8. Declaration of confidentiality or sensitivity of the records of the applicant organization;


  9. Other supplementary materials required by the certification body to be submitted by the applicant organization.