Information technology — Security techniques — Information security management systems — Requirements-Operation
7 Operation
7.1 Operational planning and control
The organization shall plan, implement and control the processes needed to meet requirements, and to implement the actions determined in Clause 6, by:
— establishing criteria for the processes;
— implementing control of the processes in accordance with the criteria.
Documented information shall be available to the extent necessary to have confidence that the processes have been carried out as planned.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
The organization shall ensure that externally provided processes, products or services that are relevant to the information security management system are controlled.
7.2 Information security risk assessment
The organization shall perform information security risk assessments at planned intervals or when significant changes are proposed or occur, taking account of the criteria established in 6.1.2 a).
The organization shall retain documented information of the results of the information security risk assessments.
7.3 Information security risk treatment
The organization shall implement the information security risk treatment plan.
The organization shall retain documented information of the results of the information security risk treatment.