Information technology — Security techniques — Information security management systems — Requirements- Support
信息安全管理体系要求-支持
6Support
6 支持
6.1 Resources
6.1 资源
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the information security management system.
组织应确定并提供建立、实施、保持和持续改进信息安全管理体系所需的资源。
6.2 Competence
6.2 能力
The organization shall:
a) determine the necessary competence of person(s) doing work under its control that affects its information security performance;
b) ensure that these persons are competent on the basis of appropriate education, training, or experience;
c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; and
d) retain appropriate documented information as evidence of competence.
组织应:
a) 确定从事影响信息安全执行工作的人员在组织的控制下从事其工作的必要能力;
b) 确保人员在适当教育,培训和经验的基础上能够胜任工作;
c) 适用时,采取措施来获得必要的能力,并评价所采取措施的有效性;
d) 保留适当的文件记录信息作为能力方面的证据。
NOTE Applicable actions can include, for example: the provision of training to, the mentoring of, or the reControl assignment of current employees; or the hiring or contracting of competent persons.
注:例如适当措施可能包括为现有员工提供培训、对其进行指导或重新分配工作;雇用或签约有能力的人员。
6.3 Awareness
6.3 意识
Persons doing work under the organization’s control shall be aware of:
a) the information security policy;
b) their contribution to the effectiveness of the information security management system, including the benefits of improved information security performance; and
c) the implications of not conforming with the information security management system requirements.
人员在组织的控制下从事其工作时应意识到:
a) 信息安全政策;
b) 他们对有效实施信息安全管理体系的贡献,包括信息安全绩效改进后的益处;
c) 不符合信息安全管理体系要求可能的影响。
温馨提示:获取完整版ISO27001最新2022版中英文对照资料,可咨询中培课程顾问或拨打客服电话了解18513851518