Information technology — Security techniques — Information security management systems — Requirements- Support
信息安全管理體系要求-支持
 
6.4 Communication
6.4 溝通
The organization shall determine the need for internal and external communications relevant to the information security management system including:
a) on what to communicate;
b)  when to communicate;
c)  with whom to communicate;
d)  how to communicate.
組織應確定有關信息安全管理體系在內部和外部進行溝通的需求，包括：
a)什么需要溝通；
b) 何時進行溝通；
c)與誰進行溝通；
d) 如何溝通；
6.5 Documented information 
6.5 文件記錄信息
6.5.1 General
6.5.1 總則
The organization’s information security management system shall include:
a) documented information required by this document; and
b) documented information determined by the organization as being necessary for the effectiveness  of the information security management system.
NOTE The extent of documented information for an information security management system can differ from one organization to another due to:
1) the size of organization and its type of activities, processes, products and services;
2) the complexity of processes and their interactions; and
3) the competence of persons.
組織的信息安全管理體系應包括：
a) 本標準要求的文件記錄信息；
b)  組織為有效實施信息安全管理體系確定的必要的文件記錄信息。
注：不同組織的信息安全管理體系文件記錄信息的詳略程度取決于：
1) 組織的規模及其活動、過程、產品和服務的類型；
2) 過程的復雜性及其相互作用；
3) 人員的能力。
6.5.2Creating and updating 
6.5.2 創建和更新
When creating and updating documented information the organization shall ensure appropriate:
a)identification and description (e.g. a title, date, author, or reference number);
b)format (e.g. language, software version, graphics) and media (e.g. paper, electronic); and
c) review and approval for suitability and adequacy.
創建和更新文件記錄信息時，組織應確保適當的：
a) 標識和描述（例如：標題、日期、作者或參考編號）；
b) 格式（例如：語言，軟件版本，圖表）和介質（例如：紙質介質，電子介質）；
c)  評審和批準其適用性和充分性。
6.5.3 Control of documented information 
6.5.3  文件記錄信息的控制
Documented information required by the information security management system and by this document shall be controlled to ensure:
信息安全管理體系和本標準所要求的文件記錄信息應予以控制，以確保：
a)it is available and suitable for use, where and when it is needed; and
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
For the control of documented information, the organization shall address the following activities, as applicable:
c) distribution, access, retrieval and use;
d) storage and preservation, including the preservation of legibility;
e) control of changes (e.g. version control); and
f)  retention and disposition.
a) 無論何時何地需要，它都是可用并適合使用的；
b)  它被充分保護（例如避免喪失保密性、使用不當或喪失完整性）。
對于文件記錄信息的控制，適用時，組織應處理下列問題：
c) 分發、訪問、檢索和使用；
d) 存儲和保存，包括可讀性的保持；
e) 變更控制（例如版本控制）；
f)  保留和和處置。
Documented information of external  origin,  determined  by  the  organization  to  be  necessary  for  the planning and operation of the information security management system, shall be identified as appropriate, and controlled.
組織為規劃和實施信息安全管理體系確定的必要的外部原始文件記錄信息，適當時應予以識別并進行控制。
NOTE      Access can imply a decision regarding the permission to view the documented information only, or       the permission and authority to view and change the documented information, etc.
注：訪問隱含一個權限決策：僅能查看文件記錄信息，或有權去查看和變更文件記錄信息等。

溫馨提示：獲取完整版ISO27001最新2022版中英文對照資料，可咨詢中培課程顧問或撥打客服電話了解18513851518