《《ISO27001标准--中英文》.pdf

1 ISO/IEC 27001:2005(E) ISO 标准——IEC 27001:2005 信息安全管理体系信息安全管理体系———— 信息安全管理体系信息安全管理体系———— 要求 Reference number ISO/IEC 27001:2005(E) © ISO/IEC 2005 – All rights reserved 2 ISO/IEC 27001:2005(E) 0 简介简介 0 Introduction 简简介介 0.1 总则总则 总则总则 0.1 General 本国际标准的目的是提供建立、实施、运作、 This International Standard has been prepared to provide a model for 监控、评审、维护和改进 ISMS （ISMS ）的 establishing, implementing, operating, monitoring, reviewing, maintaining and 模型。采用ISMS 应是一个组织的战略决定。 improving an Information Security Management System (ISMS). The adoption 组织 ISMS 的设计和实施受业务需求和目 of an ISMS should be a strategic decision for an organization. The design and 标、安全需求、应用的过程及组织的规模、 implementation of an organization’s ISMS is influenced by their needs and 结构的影响。上述因素和他们的支持系统应 objectives, security requirements, the processes employed and the size and 随时间变化而变化。希望根据组织的需要去 structure of the organization. These and their supporting systems are expected 扩充 ISMS 的实施，如，简单的环境是用简 to change over time. It is expected that an ISMS implementation will be scaled 单的 ISMS 解决方案。 in accordance with the needs of the organization, e.g. a simple situation 本国际标准可以用于内部、外部评估其符合 requires a simple ISMS solution. 性。 This International Standard can be used in order to assess conformance by interested internal and external parties. 0.2 过程方法过程方法 过程方法过程方法