Information technology — Security techniques — Information security management systems — Requirements: Improvement
9 Improvement
9.1 Continual improvement
The organization shall continually improve the suitability, adequacy and effectiveness of the information security management system.
組織應(yīng)持續(xù)改進(jìn)信息安全管理體系的適宜性、充分性和有效性。
9.2 Nonconformity and corrective action
When a nonconformity occurs, the organization shall:
a) react to the nonconformity, and as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the causes of nonconformity, in order that it does not recur or occur elsewhere, by:
1) reviewing the nonconformity;
2) determining the causes of the nonconformity; and
3) determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken; and
e) make changes to the information security management system, if necessary.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
Documented information shall be available as evidence of:
f) the nature of the nonconformities and any subsequent actions taken;
g) the results of any corrective action.