400-626-7377
ISO/IEC27001:信息安全管理體系要求-組織環(huán)境
2022-11-09 19:09:56 | 來(lái)源:企業(yè)IT培訓(xùn)
Information technology — Security techniques — Information security management systems — Requirement- Context of the organization
信息安全管理體系要求-組織環(huán)境
3Context of the organization
3組織環(huán)境
3.1Understanding the organization and its context
3.1理解組織及其環(huán)境
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.
組織應(yīng)確定與其目標(biāo)相關(guān)并影響其實(shí)現(xiàn)信息安全管理體系預(yù)期結(jié)果的能力的外部和內(nèi)部問(wèn)題。
NOTE Determining these issues refers to establishing the external and internal context of the organization considered in Clause 5.4.1 of ISO 31000:2018.
注:確定這些問(wèn)題涉及到建立組織的外部和內(nèi)部環(huán)境,在 ISO 31000:2018的5.4.1 中考慮了這一事項(xiàng)。
3.2Understanding the needs and expectations of interested parties
3.2 理解相關(guān)方的需求和期望
The organization shall determine:
a)interested parties that are relevant to the information security management system;
b)the relevant requirements of these interested parties;
c)which of these requirements will be addressed through the information security management system.
NOTE The requirements of interested parties can include legal and regulatory requirements and contractual obligations.
組織應(yīng)確定:
a)與信息安全管理體系有關(guān)的相關(guān)方;
b)這些相關(guān)方與信息安全有關(guān)的要求
c)其中哪些要求將通過(guò)信息安全管理系統(tǒng)來(lái)解決。
注:相關(guān)方的要求可能包括法律法規(guī)要求和合同義務(wù)。
3.3Determining the scope of the information security management system
3.3 確定信息安全管理體系的適用范圍
The organization shall determine the boundaries and applicability of the information security management system to establish its scope.
When determining this scope, the organization shall consider:
a)the external and internal issues referred to in 4.1;
b)the requirements referred to in 4.2;
c)interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations.
The scope shall be available as documented information.
組織應(yīng)確定信息安全管理體系的邊界和適用性,以建立其范圍。
當(dāng)確定該范圍時(shí),組織應(yīng)考慮:
a)在4.1中提及的外部和內(nèi)部問(wèn)題;
b)在4.2中提及的要求;
c)組織所執(zhí)行的活動(dòng)之間以及與其它組織的活動(dòng)之間的接口和依賴性
該范圍應(yīng)文件化并保持可用性。
3.4Information security management system
3.4信息安全管理體系
The organization shall establish, implement, maintain and continually improve an information security man
溫馨提示:獲取完整版ISO27001最新2022版中英文對(duì)照資料,可咨詢中培課程顧問(wèn)或撥打客服電話了解18513851518
信息安全管理體系要求-組織環(huán)境
3Context of the organization
3組織環(huán)境
3.1Understanding the organization and its context
3.1理解組織及其環(huán)境
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.
組織應(yīng)確定與其目標(biāo)相關(guān)并影響其實(shí)現(xiàn)信息安全管理體系預(yù)期結(jié)果的能力的外部和內(nèi)部問(wèn)題。
NOTE Determining these issues refers to establishing the external and internal context of the organization considered in Clause 5.4.1 of ISO 31000:2018.
注:確定這些問(wèn)題涉及到建立組織的外部和內(nèi)部環(huán)境,在 ISO 31000:2018的5.4.1 中考慮了這一事項(xiàng)。
3.2Understanding the needs and expectations of interested parties
3.2 理解相關(guān)方的需求和期望
The organization shall determine:
a)interested parties that are relevant to the information security management system;
b)the relevant requirements of these interested parties;
c)which of these requirements will be addressed through the information security management system.
NOTE The requirements of interested parties can include legal and regulatory requirements and contractual obligations.
組織應(yīng)確定:
a)與信息安全管理體系有關(guān)的相關(guān)方;
b)這些相關(guān)方與信息安全有關(guān)的要求
c)其中哪些要求將通過(guò)信息安全管理系統(tǒng)來(lái)解決。
注:相關(guān)方的要求可能包括法律法規(guī)要求和合同義務(wù)。
3.3Determining the scope of the information security management system
3.3 確定信息安全管理體系的適用范圍
The organization shall determine the boundaries and applicability of the information security management system to establish its scope.
When determining this scope, the organization shall consider:
a)the external and internal issues referred to in 4.1;
b)the requirements referred to in 4.2;
c)interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations.
The scope shall be available as documented information.
組織應(yīng)確定信息安全管理體系的邊界和適用性,以建立其范圍。
當(dāng)確定該范圍時(shí),組織應(yīng)考慮:
a)在4.1中提及的外部和內(nèi)部問(wèn)題;
b)在4.2中提及的要求;
c)組織所執(zhí)行的活動(dòng)之間以及與其它組織的活動(dòng)之間的接口和依賴性
該范圍應(yīng)文件化并保持可用性。
3.4Information security management system
3.4信息安全管理體系
The organization shall establish, implement, maintain and continually improve an information security man
溫馨提示:獲取完整版ISO27001最新2022版中英文對(duì)照資料,可咨詢中培課程顧問(wèn)或撥打客服電話了解18513851518
相關(guān)閱讀
近期開(kāi)班
-
網(wǎng)絡(luò)安全技術(shù)與攻防實(shí)戰(zhàn)
7月09-11日 在線咨詢 -
PMP項(xiàng)目管理國(guó)際認(rèn)證
7月14-07日 在線咨詢 -
國(guó)家軟考高級(jí)-系統(tǒng)分析師
7月17-06日 在線咨詢 -
ITSS-IT服務(wù)項(xiàng)目經(jīng)理認(rèn)證
7月23-25日 在線咨詢 -
ITSS-IT服務(wù)工程師認(rèn)證
7月23-24日 在線咨詢 -
AI重塑辦公-Deepseek助力職場(chǎng)辦公效能提升全攻略
7月23-24日 在線咨詢 -
TOGAF?EA理論與實(shí)踐鑒定級(jí)認(rèn)證
7月24-27日 在線咨詢 -
DeepSeek大模型應(yīng)用開(kāi)發(fā)最佳實(shí)踐
7月25-27日 在線咨詢 -
國(guó)家注冊(cè)信息安全專業(yè)人員CISP認(rèn)證
7月26-30日 在線咨詢 -
國(guó)際注冊(cè)信息系統(tǒng)審計(jì)師CISA認(rèn)證
7月26-30日 在線咨詢 -
數(shù)據(jù)治理、數(shù)據(jù)架構(gòu)設(shè)計(jì)及數(shù)據(jù)標(biāo)準(zhǔn)化方法
7月28-30日 在線咨詢 -
AI賦能項(xiàng)目管理-從需求到管理落地,對(duì)標(biāo)巨頭實(shí)戰(zhàn)
7月28-31日 在線咨詢 -
業(yè)務(wù)需求分析及產(chǎn)品設(shè)計(jì)實(shí)戰(zhàn)
7月28-30日 在線咨詢 -
云原生架構(gòu)與容器化部署實(shí)戰(zhàn)訓(xùn)練營(yíng)
7月28-30日 在線咨詢
-
全國(guó)報(bào)名服務(wù)熱線
400-626-7377
-
熱門(mén)課程咨詢
在線咨詢
-
微信公眾號(hào)
微信號(hào):zpitedu
中培偉業(yè) Copyright © 2006-2025 北京中培偉業(yè)管理咨詢有限公司 .All Rights Reserved
京ICP備13024721號(hào)-1
京公網(wǎng)安備11010602007294號(hào) 增值電信業(yè)務(wù)經(jīng)營(yíng)許可證:京B2-20201348 全國(guó)統(tǒng)一報(bào)名專線:400-626-7377
京ICP備13024721號(hào)-1
京公網(wǎng)安備11010602007294號(hào) 增值電信業(yè)務(wù)經(jīng)營(yíng)許可證:京B2-20201348 全國(guó)統(tǒng)一報(bào)名專線:400-626-7377