This standard specifies the service process model and evaluation criteria for the service capabilities of information security service providers. This standard is applicable to assess the capabilities of information security service providers, and also to provide guidance for service providers to improve their own capabilities.
GB/T 30271-2013 Referenced Document
GB/T 20984-2007 Information Security Technology Information Security Risk Assessment Specification