is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
China's Shenzhen Stock Exchange earns ISO/IEC 27001
11 Sep 2008
Topics: Information security, ISO/IEC 27001, China
The Shenzhen Stock Exchange (SSE), supervised by the China Securities Regulatory Commission (CSRC), has achieved certification to ISO/IEC 27001 for Information Security Management following a recent pilot programme with BSI in China. Certification was achieved in compliance with the principles of "information and technology protection", as initiated by the government of the People's Republic of China.
The SSE, established in 1990, is one of the two largest stock exchanges in Mainland China. It is a national stock exchange that provides a venue for securities trading, including 540 listed companies, 35 million registered investors and 177 exchange members. To date, the SSE has contributed a total of 400 billion Yuan to the Chinese economy in stocks and shares.
The CSRC selected SSE as the only representative from the industry of stocks and securities to act as a pilot site of the assessment of standards for information security.
SSE's management set three goals for the pilot: first, complete the trial project successfully; second, learn to establish an information security management system (ISMS); and third, improve SSE's management of information security across the board. The long-term goal is to establish the best possible ISMS within the next two or three years.
Since the implementation of the pilot project, SSE has improved its information security management significantly. It had also increased its business operation capabilities and raised security awareness among employees.
The certification led to reduced cost associated with business risks, while introducing long-term information security strategy and plan and implementation guidelines.
BSI and SSE: Building relationships
SSE's relationship with BSI began when they worked together on certification to ISO/IEC 20000 for one of SSE's departments in 2006. For certification to ISO/IEC 27001, BSI provided pre-assessment, initial assessment and enhanced SSE employee awareness of information security at every opportunity.
"As the team leader and key member of the auditors' group, I felt huge pressure while carrying out the assessment work. I wanted to make SSE's ISMS system perform perfectly after passing our assessment. We are so happy to see that our assessment work is highly recognized by our customer in the end," says Cathy Wang, team leader of auditors' group.
According to the manager of the Systems Operations department of SSE: "BSI has left a deep impression on us by demonstrating their solid technical skills and working experiences, their constant pursuit for perfection, their professional attitude and their customer-oriented services. We hope that BSI can continue to provide support to our ISMS and that the original team members will continue to support SSE's audit."
Photo source: Wikimedia Commons, author Axel Gaodd, licensed under the GNU Free Documentation License.
For more on ISO/IEC 27001: www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-27001/
For more on BSI China see: www.bsigroup.cn
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Integra ICT Hits environmental high
Integra ICT, the Bedfordshire-based telecoms provider, has achieved certification to ISO 14001 Environmental management from BSI.
As part of its evolving governance, risk and compliance strategy, BSI has acquired the Supply Chain Security Division of First Advantage Corporation.
How do you put a price on a brand? An international standard in the making will provide a consistent, reliable approach to brand valuation.
BSI is planning an informal free lunchtime roundtable in central London on 10 December 2009 to explore how small businesses and their trade bodies can work more effectively with standards. Places are limited so to register your interest or request more information, please email bsi.survey@bsigroup.com or call +44 (0)20 8996 7750.
Gerda, a leading developer and manufacturer of products for the security industry, has become the first company to be awarded the Kitemark for thief-resistant lock assemblies, in line with BS 10621:2007 Thief resistant dual-mode lock assembly.
Question: Given the state of the environment, should issues like energy management in business be more regulated and closely monitored instead of voluntary?
Climate change is such an urgent issue that some might argue the only answer to this question is "Yes". However, creating laws that achieve their goals in precisely the right way is challenging and time consuming at the best of times. And when it comes to climate change, the factors involved are varied - too many for any one law or set of laws to cover adequately.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
