CCRC information security service qualification is to evaluate the technical, resource, legal, management and other qualifications and capabilities of information system security service providers, as well as their stability and reliability, and to evaluate their security services based on public standards and procedures. The process of service assurance capability certification.
qualification level
Information security service qualification levels are divided into level one, level two, and level three, with level one being the highest and level three being the lowest. Qualification level is the scale to measure the service ability of service providers.
Level 3 Certification Process
Start--Fill in the self-assessment form and application form for information security service qualification certification--Materials off-site review--Supplementary materials resubmitted--Pass the initial review, accept the application, charge the certification fee--Identified--Make the certificate--End
Level 1 and Level 2 Certification Process
Start--Fill in the self-assessment form and application form for information security service qualification certification--Materials off-site review--Submit again after supplementing the materials--Pass the initial review, accept the application, and charge the certification fee--On-site review--Certification passed-- Make a certificate--end
Certification cycle
Usually the processing period is 2-6 natural months.
1. From the signing of the "Information Security Service Qualification Evaluation Entrustment Agreement" to the issuance of the information security service qualification certificate, the period is 4-6 months. The cycle time does not include delays due to the reasons of the applicant (such as supplementary materials, delays in business processes, or the failure of the applicant to conduct on-site evaluation according to the agreed time, etc.).
2. The validity period of the information security service qualification certificate is one year
3. The certification time mainly depends on the audit time and rectification time. The above processing cycle is for reference.
Certification Benefits
Information security operation and maintenance service qualification certification is mainly to assist the organization's information system management personnel in information system security operation and maintenance through technical facility security assessment, technical facility security reinforcement, security vulnerability patch notification, security incident response, and information security operation and maintenance consulting .
1. Discover and repair the security risks existing in the information system, and reduce the possibility of security risks being illegally used;
2. Respond in a timely manner after potential safety hazards are exploited;
3. Improve the service capability, quality and level of security operation and maintenance service providers.