Information technology — Security techniques — Information security management systems — Requirements-Leadership
信息安全管理體系要求-領(lǐng)導(dǎo)

4Requirements-Leadership
4領(lǐng)導(dǎo)
4.1Leadership and commitment 
領(lǐng)導(dǎo)和承諾
Top management shall demonstrate leadership and commitment with respect to the information security management system by:
高層管理者應(yīng)通過下列方式展示其關(guān)于信息安全管理體系的領(lǐng)導(dǎo)力和承諾：
a) ensuring the information security policy and the information security objectives are established and are compatible with the strategic direction of the organization;
b) ensuring the integration of the information security management system requirements into the organization’s processes;
c) ensuring that the resources needed for the information security management system are available;
d) communicating the importance of effective information security management and of conforming  to the information security management system requirements;
e) ensuring that the information security management system achieves its intended outcome(s);
f)  directing and supporting persons to contribute to the effectiveness of the information security management system;
g) promoting continual improvement; and
h) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
a) 確保建立信息安全政策和信息安全目標(biāo)，并與組織的戰(zhàn)略方向保持一致；
b) 確保將信息安全管理體系要求整合到組織的業(yè)務(wù)過程中；
c) 確保信息安全管理體系所需資源可用；
d) 傳達(dá)信息安全管理有效實施、符合信息安全管理體系要求的重要性；
e) 確保信息安全管理體系實現(xiàn)其預(yù)期結(jié)果；
f)  指揮并支持人員為信息安全管理體系的有效實施作出貢獻(xiàn)；
g)  促進持續(xù)改進；
h)  支持其他相關(guān)管理角色在其職責(zé)范圍內(nèi)展示他們的領(lǐng)導(dǎo)力。
NOTE   Reference to “business” in this document can be interpreted broadly to mean those activities that are  core to the purposes of the organization’s existence.
注：本標(biāo)準(zhǔn)中提及的“業(yè)務(wù)”可以廣義地解釋為指本組織存在目的的核心活動。

4.2Policy 
4.2政策
Top management shall establish an information security policy that:
a)  is appropriate to the purpose of the organization;
b)  includes information security objectives (see 6.2) or provides the framework for setting information security objectives;
c) includes a commitment to satisfy applicable requirements related to information security;
d) includes a commitment to continual improvement of the information security management system. The information security policy shall:
e)be available as documented  information;
f) be communicated within the organization;
g) be available to interested parties, as appropriate.
高層管理者應(yīng)建立信息安全政策，以：
a) 適于組織的目標(biāo)；
b) 包含信息安全目標(biāo)（見）或設(shè)置信息安全目標(biāo)提供框架；
c) 包含滿足適用的信息安全相關(guān)要求的承諾； d) 包含信息安全管理體系持續(xù)改進的承諾。 信息安全政策應(yīng)：
d) 文件化并保持可用性；
e) 在組織內(nèi)部進行傳達(dá)；
f)  適當(dāng)時，對相關(guān)方可用。
4.3Organizational roles, responsibilities and authorities 
4.3  組織角色、職責(zé)和權(quán)限
Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated within the organization.
Top management shall assign the responsibility and authority for:
高層管理者應(yīng)確保分配并傳達(dá)了信息安全相關(guān)角色的職責(zé)和權(quán)限。
高層管理者應(yīng)分配下列職責(zé)和權(quán)限：
a) ensuring that the information security management system conforms to the requirements of this document;
b) reporting on the performance of the information security management system to top management.
a) 確保信息安全管理體系符合本標(biāo)準(zhǔn)的要求；
b) 將信息安全管理體系的績效報告給高層管理者。
NOTE Top management can also assign responsibilities and authorities for reporting performance of the information security management system within the organization.
注：高層管理者可能還要分配在組織內(nèi)部報告信息安全管理體系績效的職責(zé)和權(quán)限。
 
溫馨提示：獲取完整版ISO27001最新2022版中英文對照資料，可咨詢中培課程顧問或撥打客服電話了解18513851518