Risk Assessment Service

 

Guided by ISO 27001, GB/T 20984-2007 Specification for Information Security Risk Assessment (the latest national standard) and the National Information Security Classification Protection Guide, Neusoft performs risk assessments, providing security evaluations at different frequencies and with different methods according to the importance of the security assets. This helps customers understand the actual security status of their network systems and plan their security policy accordingly. Based on the scientifically chosen policy, Neusoft then delivers the follow-up security services and selects and deploys the related security products to establish an effective security management policy, so that the various potential risks are managed comprehensively.

Execution Standard for Security Risk Assessment Service

Neusoft takes the latest and most authoritative national information security standards as the basic principles of the assessment, including:

GB/T 20984-2007 Information Security Technology—Risk Assessment Specification for Information Security
GB/T 21052-2007 Information Security Technology—Physical Security Technical Requirement for Information System
GB/T 50174-1993 Design Code for Electronic Computer Room
GB/T 2887-2000 Specification for Electronic Computer Field
GB/T 9361-1988 Safety Requirements for Computation Center Field
GB/Z 20985-2007 Information Technology—Security Techniques—Information Security Incident Management Guide
GB/T 20270-2006 Information Security Technology—Basis Security Techniques Requirement for Network
GB/T 21050-2007 Information Security Techniques—Security Requirements for Network Switch (EAL3)
GA/T 685-2007 Information Security Technology—Evaluation Criteria for Switch Security
GA/T 682-2007 Information Security Technology—Technical Requirements for Router Security
GB/T 20011-2005 Information Security Technology—Routers Security Evaluation Criteria
GB/T 21028-2007 Information Security Technology—Security Techniques Requirement for Server
GB/T 20008-2005 Information Security Technology—Operating Systems Security Evaluation Criteria
GB/T 20009-2005 Information Security Technology—Database Management Systems Security Evaluation Criteria
GB/T 22080-2008 Information Technology—Security Techniques—Information Security Management Systems—Requirements
GB/T 22081-2008 Information Technology—Security Techniques—Code of Practice for Information Security Management
GB/T 20282-2006 Information Security Technology—Information System Security Engineering Management Requirements
GB/T 20271-2006 Information Security Technology—Common Security Techniques Requirement for Information System

Principles of Security Assessment Service Implementation

Security Risk Assessment for Physical Environment
Rationality and Security Risk Assessment for Network Structure
Security Risk Assessment for Network and System Devices
- Server System
- Desktop Host
- Network Devices (Router, Switch)
Security Risk Assessment for Business and Application System
- General Application Service (Web, FTP, Mail, DNS, etc.)
- Dedicated Business System (B/S, C/S)
- Database
Security Control Assessment for Confidential Data (Generation, Transfer and Storage of Confidential Data)
Rationality Assessment for Information Security Management Structure
Integrity Assessment for Information Security Management System
Security Risk Assessment for Human-factors Management
Validity and Rationality Assessment for Information Security Products and Technology Application
Major Emergency Response Capacity Assessment of Security Incidents

Execution Standards for Information Security Risk Assessment

State Administration of Work Safety
AQSIQ-The General Administration of Quality Supervision, Inspection and Quarantine
National Maritime Authority
Ministry of Science and Technology
National Computer Network Emergency Center Liaoning Branch
Fujian Inspection and Quarantine Bureau
Wulumuqi Labor Bureau
Guangxi Office of Finance
Yunnan Office of Finance
Hubei Office of Finance
Anhui Branch of China Construction Bank
Fujian Branch of China Mobile
Nantong Branch of China Telecom, Jiangsu
China National Postal & Telecommunications Appliances Corporation
Changqing Oilfield Company
Dagang Oilfield Company
Shanghai Airlines Co., Ltd.
PICC Asset Management Co., Ltd.
Orient Fund Management Co., Ltd.
Northeast China Electric Power Dispatching & Communication Center
Jilin Electric Power Dispatching & Communication Bureau
Survey Planning and Design Institute of the Yangtze River
China Second Heavy Machinery Group
TCL Multimedia China Business Center
Dongfeng Cummins Engine Co., Ltd.
Jinzhou Bauhinia Ferroalloy Plant
Beijing University of Aeronautics and Astronautics
Beijing University of Chinese Medicine
The Southwest University for Nationalities

 
