atsec China gains ISO/IEC 27001 certificate issued by ISCCC
2011-01-16Beijing, China – atsec China is proud to announce that its ISMS (Information Security Management System) has been certified by the China Information Security Certification Center (hereinafter referred to as ISCCC) according to the ISO/IEC 27001 standard. Previously atsec China was already certified by an international certification body as one of atsec’s global branches. atsec decided to work with ISCCC as the ISO/IEC 27001 certification body because of its professionalism and leading position in China.
The atsec China management system was established in 2006 and initially derived from the atsec global management system which combines best practices compliant with ISO 9001 and ISO/IEC 27001. It is an integrated system that includes components of quality, information security, legal, health, and environmental management, and supports atsec’s operational domains. The successful certification of the atsec China ISMS is a great achievement for both atsec and ISCCC.
Li Li, the director of the system certification department of ISCCC, commented: “I was impressed with the technical and academic atmosphere within atsec. All the staff that we interacted with were very knowledgeable and professional, which is reflected in the ISMS. atsec China’s management system utilized atsec’s global experience regarding the establishment of an ISMS very well. We are looking forward to a long-term cooperation with atsec.”
When dealing with sensitive customer data on a daily basis, information security, especially integrity and confidentiality, is the most important aspect. By earning and maintaining this standards-based certification, atsec China validates the security and quality of its operations, and further demonstrates the commitment to its customers and their clients.
Yan Liu, atsec China COO commented: “I would like to thank ISCCC’s audit team for the incredible contribution during the whole certification phase. Their suggestions for our security implementation were invaluable. atsec’s business is providing consulting, test and evaluation service based on information security – so we go through the same rigorous audits as our customers and know the business from both sides. atsec is glad to continue to share its knowledge and experience regarding ISMS with customers, partners and also the whole industry.”
Please take a look at the certificate here.
# # #
About atsec information security
atsec information security is an independent, standards-based information technology security services company with offices in the US, Germany, Sweden and China. atsec's services include formal laboratory testing and evaluation of information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology as well as information security consultancy.
atsec offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany and Sweden. This is supported by cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada.
atsec is also an experienced Payment Card Industry (PCI) Security Standards Council Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), and Payment Application Qualified Security Assessor (PA-QSA).
We work with leading global companies such as Apple, IBM, Hewlett-Packard, Honeywell, Quantum Corporation, Red Hat, Huawei and ZTE Corporation.
About ISCCC
China Information Security Certification Center (hereinafter referred to as ISCCC) is approved by State Commission Office for Public Sector Reform, and authorized by eight administration departments, such as: Information Work Office of State Council, The Ministry of Public Security of People’s Republic of China, Ministry of State Security, Ministry of Information Industry of People’s Republic of China, State General Administration of the People’s Republic of China for Quality Supervision and Inspection and Quarantine, State Secrecy Administration, Certification and Accreditation Administration of the People’s Republic of China and State Cryptography Administration. ISCCC is the only body which is responsible for information security certification in accordance with Regulations on Certification and Accreditation of the People’s Republic of China and implementation rules, related national laws and regulations of compulsory certification and information security administration. ISCCC is an institution directly under State General Administration of the People’s Republic of China for Quality Supervision and Inspection and Quarantine (AQSIQ).
About ISO/IEC 27001
The ISO/IEC 27001 security standard specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented Information Security Management System within the context of the organization’s overall business risks. ISO/IEC 27001 has its origins in British Standard BS7799, and forms part of the new ISO/IEC 27000 series, the family of standards focused on information security management.
