Workshop on ISO/IEC 27001 Information Security Management System Certification

(19 June 2015)

The Council, the Hong Kong Accreditation Service and the Working Group on Cloud Security and Privacy under Office of Government Chief Information Officer co-organised the Workshop on ISO/IEC 27001 Information Security Management System Certification. (Programme)

Information Security Management System (ISMS) is a management system or a part of the overall management system using a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security. It is applicable to organisations of all sizes and in all business sectors.

Given the increasing concern over information security in society, more organisations are aware of the advantages of being certified to ISO/IEC 27001, which is one of the most well-recognised ISMS standards globally. Certification of ISMS to ISO/IEC 27001 allows an organisation to demonstrate that its information assets are adequately protected against information security risks. It gives greater confidence to its business partners, authorities and other interested parties.

The workshop gave an overview of ISO/IEC 27001 and discussed how to get prepared for the certification process. There was experience sharing by existing certified users, as well as an introduction on the services provided by the Hong Kong Accreditation Service.

Topics and presentation materials of the workshop include:

• Practical Implementation of ISO/IEC 27001 in Your Environment (Presentation)
• Getting Certified to ISO/IEC 27001 – Experience Sharing (Presentation 1) (Presentation 2)
• Hong Kong Accreditation Service and its Services (Presentation)