NEW SCHEME FOR THE INFORMATION （新方案的信息）.pdfVIP

NEW SCHEME FOR THE INFORMATION SECURITY MANAGEMENT WITH ISO 27001:2013 INTRODUCTION The Organization´s tendency to implement and certificate multiple Managements Systems that hold up and align theirs IT´s operations, process, services and infrastructure in an integrated and combined, raised the need to adjust the management standards (recent case: ISO 22301:2012 - Management Systems Business Continuity and aligns next to: ISO 9001 – Management System Quality) in a simple manner, but ensuring the efficiency and effectiveness has characterized the Management Standards. For this, was important that common parts or sections, were aligned under the same schema or format, but warranting that save the differences that exist between them. Thus, to achieve this relationship, has been applied the SL ANNEX – ISO/IEC, framework that provide the common guidelines and requirements documentary development of any Management System, and allowing customized conservation requirements each standard (Quality, Environmental, IT Service, Continuity and Information Security, among other), so as to standardize the terminology an fundamentals requirements to supply the interpretation and implementation of joint. Specifically to standard ISO 27001:2005, for this year 2013 is a need to restructure under the new approach, since March the BSI (British Standard Institute) published the draft international standard ISO/IEC – 27001:2013, and whose final product is expected to publish on October this year, bringing renewal in terms to integrality, risk, controls and security. NEW STRUCTURE The new standard structure ISO 27001:2013 includes the following levels of management: 0 Introduction 1 Scope 2 Normative references 3 Terms and definitions 4 Context of the organization 5 Leadership 6 Planning 7 Support 8 Operation 9 Performance evaluation