精选文章

ISO/IEC27001:信息安全管理体系要求-组织环境

2022-11-09 19:09:56 | 来源:企业IT培训
Information technology — Security techniques — Information security management systems — Requirement- Context of the organization
信息安全管理体系要求-组织环境
 
3Context of the organization
3组织环境
3.1Understanding the organization and its context
3.1理解组织及其环境
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.
组织应确定与其目标相关并影响其实现信息安全管理体系预期结果的能力的外部和内部问题。
NOTE Determining these issues refers to establishing the external and internal context of the organization considered in Clause 5.4.1 of ISO 31000:2018.
注:确定这些问题涉及到建立组织的外部和内部环境,在 ISO 31000:2018的5.4.1 中考虑了这一事项。
3.2Understanding the needs and expectations of interested parties 
3.2 理解相关方的需求和期望
The organization shall determine:
a)interested parties that are relevant to the information security management system;
b)the relevant requirements of these interested parties;
c)which of these requirements will be addressed through the information security management system.
NOTE The requirements of interested parties can include legal and regulatory requirements and contractual obligations.
组织应确定:
a)与信息安全管理体系有关的相关方;
b)这些相关方与信息安全有关的要求
c)其中哪些要求将通过信息安全管理系统来解决。
注:相关方的要求可能包括法律法规要求和合同义务。
3.3Determining the scope of the information security management system
3.3 确定信息安全管理体系的适用范围
The organization shall determine the boundaries and applicability of the information security management system to establish its scope.
When determining this scope, the organization shall consider:
a)the external and internal issues referred to in 4.1;
b)the requirements referred to in 4.2;
c)interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations.
The scope shall be available as documented information.
组织应确定信息安全管理体系的边界和适用性,以建立其范围。
当确定该范围时,组织应考虑:
a)在4.1中提及的外部和内部问题;
b)在4.2中提及的要求;
c)组织所执行的活动之间以及与其它组织的活动之间的接口和依赖性
该范围应文件化并保持可用性。
3.4Information security management system
3.4信息安全管理体系
The organization shall establish, implement, maintain and continually improve an information security man
 
温馨提示:获取完整版ISO27001最新2022版中英文对照资料,可咨询中培课程顾问或拨打客服电话了解18513851518