Sinokap is pleased to announce that, following rigorous evaluation and audits by nationally recognized authoritative bodies, we have successfully obtained the ISO/IEC 27001:2013 Information Security Management System certification and the ISO/IEC 20000-1:2018 IT Service Management System certification.
At Sinokap, we uphold high standards, strict requirements, and standardized operational management as our fundamental principles. Achieving these two certifications signifies that we have established a standardized and procedural system in information security management and technical services, reaching advanced international and domestic management standards. This accomplishment not only acknowledges the standardization of Sinokap’s various operations but also serves as a crucial guarantee for our sustained and stable development in the future.
Typically, the assessment is divided into three stages: on-site inspection, document review, and random interviews. Due to the pandemic, the initial on-site inspection was conducted online, focusing on the security of areas such as server rooms, file cabinets, and employee work environments. The evaluation covered daily operations, management mechanisms, and system configurations to assess the company’s current state of information security management. Subsequently, a thorough review of documents and workflows was conducted. Finally, audit experts engaged in detailed discussions with Sinokap employees, comprehensively examining aspects such as organizational structure, facilities, personnel training, quality management, information security, and management documentation. The audit concluded that the company’s information security management system is robust, service standards are comprehensive, and all materials are standardized and authentic, meeting the requirements for both certifications. Consequently, Sinokap successfully passed the certification.
ISO stands for the International Organization for Standardization, the world’s largest developer of voluntary international standards. Established on February 23, 1947, ISO’s predecessor was the International Federation of the National Standardizing Associations (ISA), founded in 1928. ISO comprises national standardization bodies from over 100 countries, with the China State Bureau of Technical Supervision (CSBTS) representing China.
ISO standards are comprehensive, regulating all processes within an enterprise and involving all employees, from top management to the grassroots level. They provide a mechanism for reaching consensus on international standards. For more information, please visit the ISO official website.
The ISO/IEC 27001:2013 Information Security Management System, abbreviated as “ISMS,” is a formal standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system. Published by the ISO/IEC Joint Technical Committee, it outlines numerous control measures and mechanisms to help organizations of all types and sizes secure their information assets. This global standard provides a framework for policies and processes, encompassing all legal, physical, and technical controls involved in an organization’s information risk management processes. As a formal specification, it defines the requirements for implementing, monitoring, maintaining, and continually improving an ISMS. Additionally, it specifies a set of best practices, including documentation requirements, responsibility assignments, availability, access control, security, auditing, and corrective and preventive measures. Achieving ISO/IEC 27001 certification assists organizations in complying with various regulations and legal requirements related to information security.
In today’s world, information security issues are increasingly prominent. System crashes, hacker intrusions, virus infections, loss of customer data, and internal data leaks pose significant challenges to enterprise management and survival. Establishing an ISMS indicates that a company has implemented a scientific and effective management system to ensure information security. This serves as a starting point for continuous improvement and deepening system execution, enabling each employee to develop problem awareness, proactively identify issues in their work, and systematically resolve them. Under the premise of controlled software assets, the company can continue to provide customers with secure and reliable software products and services.
ISO 27001:2013 Structure and Chapters
ISO 27001:2013 Risk Control Methods
ISO/IEC 27001 Section 6.1.3 describes how organizations should respond to risks through risk treatment plans. A crucial part of this process is selecting appropriate risk control measures.
ISO/IEC 20000-1:2018 is the latest international standard in the field of IT Service Management. It defines the requirements for the development, implementation, monitoring, maintenance, and improvement of an IT service management system, providing a model for organizations to establish, implement, operate, monitor, review, maintain, and improve their IT service management systems.
The goal of establishing an IT service management system is to create an effective, customer-centric, self-improving framework within the organization. After implementing the ISO 20000 management system, self-improvement cycles are established across various processes and positions, encompassing planning, execution, inspection, and continuous problem identification and resolution. This enables each employee to develop problem awareness, proactively identify issues in their work, and systematically resolve them. Obtaining ISO 20000 certification signifies that the IT organization providing services has demonstrated sufficient management control and service levels across all processes involved in the standard.
ISO Annex SL: 9 Main Chapters
Annex SL defines a universal framework for management systems. By incorporating specific management requirements into this framework, it becomes the foundation for meeting various management system standards.
Scope
Normative references
Terms and definitions
Service management system general requirements
Design and transition of new or changed services
Service delivery processes
Relationship processes
Resolution processes
Control processes
Differences Between ISO/IEC 20000:2018 and the 2011 Version
A new high-level document structure has been introduced in alignment with other management system standards, making it easier for organizations to comply with multiple standards, such as ISO 9001 (Quality Management) or ISO 27001 (Information Security Management).
Terms and definitions have been revised to include terminology specific to management system standards. References to terms and definitions from ISO/IEC 20000-10 have been added.
Clauses have been revised or added to reflect the growing trends in service management, such as commodity services and the role of service integrators managing multiple service providers.
Some detailed requirements have been removed to provide organizations with greater flexibility in meeting compliance requirements.
A clear requirement has been introduced for establishing, implementing, maintaining, and continually improving the Service Management System (SMS).
References to the PDCA (Plan-Do-Check-Act) methodology have been removed, as various improvement methodologies can be used alongside management system standards.
New requirements for organizational context and actions to address risks and opportunities have been added.
Requirements for documented information, resources, competence, and awareness have been updated.
New requirements have been added for service planning, knowledge management, asset management, demand management, and service delivery.
Requirements for incident management and service request management have been separated into two distinct sets of requirements.
In the future, Sinokap will continue to strengthen quality management, adhere to security protocols, and stay attuned to customer needs, consistently delivering superior IT services to our clients.