BSI Management Systems assists China's Shenzhen Stock Exhange in ISO/IEC 27001 certification bid

Press release - 2 September 2008

The Shenzhen Stock Exchange (SZSE) has achieved ISO/IEC 27001 certification for Information Security Management following a pilot programme with BSI Management Systems in China. It is now the first company in the industry of stocks and securities to have in place a management system for information security.

This certification was sought and achieved in line with the People’s Republic of China’s principles of ‘information and technology protection’.

BSI Group was selected from ten companies that bid to work with SZSE, impressing with its extensive experience of certification and its position as market leader.

The SZSE, one of the two largest stock exchanges in Mainland China, set three goals for the pilot programme it ran with BSI: first, complete the trial project successfully; second, learn how to establish an information security management system; third, improve SZSE’s management of information security across the board. The long-term goal is to establish the best possible information security management system within the next two years.

Since implementation of the pilot project, SZSE has improved its information security management significantly. It has also increased its business operation capabilities and raised security awareness among employees. Certification has led to reduced cost associated with business risks and has introduced a long-term information security strategy and plan.

Deng Hui, Project Manager of Systems Operations Department, Shenzhen Stock Exchange, said, “During the implementation of this project, BSI has left a deep impression on us by demonstrating their solid technical and working experiences, their constant pursuit for perfection, their professional attitude and their customer oriented services. We hope that BSI can continue to provide their support and that the original team members will continue to support SZSE’s audit.”

Learn more about ISO/IEC 27001 certification for Information Security.