The O20000 standard can be used in IT service industries, such as IT consulting, system integration, IT education and training, IT system outsourcing, business process outsourcing, software and hardware maintenance and support, etc. IT can also be applied to IT service departments within organizations, such as data centers in financial and telecommunications industries.

ISO20000 certification conditions are as follows:

1. Enterprise credit: enterprises that have been operating normally and legally for more than three months have good credit and no record of violation;

2. Human resources: more than 5 employees, with technical personnel related to business;

3. Project resources: there are more than two mature projects related to the scope of certification;

4. Running time: running the system for more than three months;

5. Internal audit management evaluation: at least one internal audit was completed and management review was conducted.

legal ground

Measures for the administration of information technology of securities fund operating institutions

Article 7 The board of directors of a securities fund operating institution shall be responsible for reviewing the information technology management objectives of the company, being responsible for the effectiveness of information technology management, and performing the following duties:

(1) Review the information technology strategy to ensure consistency with the company's development strategy, risk management strategy and capital strength.

(two) the establishment of information technology human and financial security program;

(3) Evaluating the overall effect and efficiency of annual information technology management;

(4) Other information technology management duties as stipulated in the articles of association. Article 9 A securities fund operating institution shall set up an information technology governance committee or designate a special committee (hereinafter referred to as the information technology governance committee) under the management of the company to formulate the information technology strategy and consider the following matters:

(1) Information technology planning, including but not limited to information technology construction planning, information security planning and data governance planning;

(2) Information technology investment budget and distribution plan;

(three) major information system construction or major transformation projects, major changes;

(4) Information technology emergency plan;

(five) the review report and annual evaluation report on the use of information technology to carry out related business activities;

(6) Matters submitted for consideration by members of the Information Technology Governance Committee;

(seven) other matters that have a significant impact on information technology management. The information technology governance committee shall be composed of senior managers and principals from compliance management departments, risk management departments, audit departments, major business departments, information technology management departments and other departments, and external professionals may be hired as members or consultants of the information technology governance committee.