Achieving ISO27001 ISMS certification, accomplishing business continuity, minimizing risk, and maximizing business benefits.
The Need for Information Security!
Information security ensures business continuity, minimizes business loss through management of information security risks, and maximizes business opportunities.
Within the context of the ISO 27001 standard, information security should strive to achieve:
- Confidentiality: information is accessible only to authorized users,
- Integrity: information accuracy and completeness are vital, and
- Availability: authorized users have access to information when needed.
In today’s business environment, information is the lifeblood of any organization. Increasingly, organizations and their information systems are exposed to security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, and fire or flood. Computer viruses, hacking and denial-of-service attacks have become more common and increasingly sophisticated.
Achieving ISO 27001 significantly minimizes the risk and insulates the organization against internal human error or misdemeanor.
Successful ISMS compliance and certification require methodical approaches, careful consideration of scope, and thorough understanding of information security needs.
What we have done
- We have complied with BS7799 for more than 5 years and were certified to ISO27001 in 2008 by BVQI (http://sea.bureauveritas.com)
- Training sessions that address IT security policy and security awareness are mandatory for our staff.
- We commit to continuously improving our security standard with the annual Surveillance Audit by BVQI
- We have internal auditors who have extensive experience and have been certified as ISMS Auditors (see Auditor Certification)
Achieving ISO27001
To effectively implement ISO27001, TDID plans, implements, monitors, and improves our ISMS as follows:
- Project Scoping: setting the scope for an ISO27001 project is an essential step in any compliance initiative. TDID is certified for the entire company, not only part of a process. Our scope includes CA Hosting Service and Certification Service,
- Risk Assessment: risk assessment is a mandatory component of ISO27001. We analyze each level of information security risk inherent in our business processes,
- Process Improvement: we implement the required security improvements according to mandatory requirements in Clauses 4, 5, 6, 7, and 8. We also embrace control objectives as stated in ISO 17799, except for A.15.1.6 Regulation of Cryptographic Controls, for which Thailand currently has no legal structure to accommodate.
- Organizations worldwide use competent auditors who carry out effective audits which achieve increased efficiency, greater competitiveness, and enhanced credibility.
- With certified ISMS auditors, we are confident that our management systems are assessed by individuals whose skills and knowledge meet the internationally recognized standards set by IRCA.
- A list of ISMS certified auditors can be found at www.irca.org
Benefits to Customers who choose the CA Hosting Service
- Certified to ISO 27001, the CA hosting service operates within the TDID infrastructure with internationally accepted security standards. With these qualifications, our customers who hold digital certificates can rest assured of their clients’ satisfaction and confidence.
- Rigorous and consistent inspection by international auditing agencies such as BVQI helps ensure our customer satisfaction and confidence.
- Apart from its superior security measures under ISO27001, the TDID-supported CA hosting service is both time efficient and cost effective.
- TDID provides our customers with advice on information security standards for other CA-related application systems, such as registration authority and directory system.
- The Bank of Thailand CA: The Bank of Thailand
- NITMX CA: National ITMX Company Limited
- PCC Digital ID CA: Processing Center Company Limited
CA hosted under the TDID infrastructure has been implemented by
- Standard CA Hardware from SafeNet
- Standard CA Software from CyberTrust
- CA Operation certified ISO 27001:2005




