Information technology — Security techniques — Information security management systems — Requirements- Support
信息安全管理體系要求-支持
 
6Support
6 支持
6.1   Resources 
6.1 資源
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the information security management system.
組織應(yīng)確定并提供建立、實施、保持和持續(xù)改進信息安全管理體系所需的資源。
6.2   Competence 
6.2  能力
The organization shall:
a)     determine the necessary competence of person(s) doing work under its control that affects its information security performance;
b)     ensure that these persons are competent on the basis of appropriate education, training, or experience;
c)      where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; and
d)     retain appropriate documented information as evidence of competence.
組織應(yīng)：
a)     確定從事影響信息安全執(zhí)行工作的人員在組織的控制下從事其工作的必要能力；
b)     確保人員在適當(dāng)教育，培訓(xùn)和經(jīng)驗的基礎(chǔ)上能夠勝任工作；
c)      適用時，采取措施來獲得必要的能力，并評價所采取措施的有效性；
d)     保留適當(dāng)?shù)奈募涗浶畔⒆鳛槟芰Ψ矫娴淖C據(jù)。
NOTE Applicable actions can include, for example: the provision of training to, the mentoring of, or the reControl assignment of current employees; or the hiring or contracting of competent persons.
注：例如適當(dāng)措施可能包括為現(xiàn)有員工提供培訓(xùn)、對其進行指導(dǎo)或重新分配工作；雇用或簽約有能力的人員。

6.3   Awareness 
6.3 意識
Persons doing work under the organization’s control shall be aware of:
a)     the information security policy;
b)     their contribution to the effectiveness of the information security management system, including the benefits of improved information security performance; and
c)      the implications of not conforming with the information security management system requirements.
人員在組織的控制下從事其工作時應(yīng)意識到：
a)     信息安全政策；
b)     他們對有效實施信息安全管理體系的貢獻，包括信息安全績效改進后的益處；
c)      不符合信息安全管理體系要求可能的影響。

溫馨提示：獲取完整版ISO27001最新2022版中英文對照資料，可咨詢中培課程顧問或撥打客服電話了解18513851518