Certification Services

ISO/IEC 27001

Information Security Management
As we place increased reliance on information technology, information security is paramount to the successful operation of all organisations. With rapid technological advancements, an organisation’s information system is also more vulnerable to attack.
Certification Standard
ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
System Requirements
The focus of ISO/IEC 27001 is information security risk management. An organisation has to assess its information security risk levels and apply controls to mitigate these risks. The "Requirements" are mandatory, with no exclusions allowed. The "controls" in Annex A can be excluded, provided that such exclusions will not affect the organisation’s responsibility and ability to meet its obligatory information security requirements.

 Benefits of Certification
  • Yardstick to formulate security requirements and objectives. 
  • Improved and cost-effective risk management. 
  • Efficient integration with ISO 9001 and other management systems. 
  • Demonstrates commitment to customers.


Last Update: 2024-06-25
Copyright © 2024 Hong Kong Quality Assurance Agency. All rights reserved.