31/10/2017

 

Healgoo Interactive received ISO27001:2013 Information Security Certification


Healgoo Interactive, as a professional medical technology company, has always attached great importance to building its information security system. Since obtaining the US HIPAA security certification, the company has been continuously improving and enhancing its information security work. After long-term, unremitting effort, the company received the ISO 27001:2013 Information Security Certification on October 30, 2017.

 

The ISO 27001 standard was first approved by the Department of Trade and Industry of the UK in 1993 and was first published in the UK in 1995 as BS 7799-1: 1995 "Rules for the Management of Information Security", which provides a comprehensive set of implementation rules consisting of best practices in information security. Its purpose is to serve as the sole reference point for determining the extent of control required by business information systems in most situations, for large, medium and small organizations.

 

In 1998 the UK promulgated the second part of the standard, "Information Security Management System Specification", which provides information security management system requirements and information security control requirements. It is a baseline for a comprehensive or partial assessment of an organization's information security management system, and can be used as the basis of a formal certification program. BS 7799-1 and BS 7799-2 were adjusted and re-released in 1999. The 1999 version took into account the recent developments in information processing technology, especially in the field of networks and communications. It also emphasized responsibility for information security and information safety in business.

 

In December 2000, BS7799-1: 1999 was formally adopted by ISO / IEC as an international standard - ISO / IEC17799: "Information Technology - An Information Security Management Implementation Rules". In addition, the second part of the BS7799 standard, BS7799-2: 1999, was revised to the ISO / IEC "Information Security Management System Specification", which can be used for certification, by ISO / IEC in 2002, and became the official ISO standard, ISO / IEC 27001: 2005, in 2005.

 

After eight years of use of the then-current ISO / IEC 27001: 2005 standard, the ISO organization brought forward the release of the new 2013 version in response to numerous organizations, and released the official version of the ISO / IEC 27001: 2013 Information Security Management System standard on September 26, 2013.

 

 

The significance of ISO27001 information security certification:

1. Meet the requirements of laws and regulations.

 

Obtaining the certificate may indicate to the authorities that the organization has complied with all applicable laws and regulations, thus protecting the security of the information systems of enterprises and related parties, intellectual property, trade secrets and so on.

 

2. Maintain the company's reputation, brand and customer trust.

 

Acquiring the certificate can reinforce employees' awareness of information security, standardize the organization's information security behaviors and reduce unnecessary losses caused by human factors.

 

3. Fulfill the responsibility of information security management.

 

Acquiring the certificate can prove, in and of itself, that the organization has made fruitful efforts to safeguard security at all levels, indicating that management has fulfilled its responsibilities.

 

4. Enhance employee awareness, responsibility and related skills.

 

Acquiring the certificate can reinforce employees' awareness of information security, standardize the organization's information security behaviors and reduce unnecessary losses caused by human factors.

 

5. Maintain business continuity and competitive advantage.

 

The establishment of a comprehensive information security management system means that various information assets that sustain the organization's core business are properly protected, and an effective business continuity planning framework is established to enhance the core competitiveness of the organization.

 

6. Achieve risk management.

 

It helps the organization better understand its information systems and identify existing problems and protection methods, ensuring that the organization's information assets are properly protected under a reasonable and complete framework and that the information environment operates in an orderly and stable way.

 

At present, ISO27001 Information Security Certification has been obtained by enterprises and organizations involved in information security at home and abroad, such as Alibaba, Baidu, Tencent, Amazon and other famous enterprises. Healgoo Interactive will take the ISO27001 information security system as its standard to standardize enterprise management and services, provide users with safe, reliable, efficient and advanced technology solutions under its "technology, makes human healthier" vision, and continue to work hard!