ISO27001-2013 信息安全管理体系要求 中英对照版v17.pdf

1 ISO/IEC 27001:2013(E) ISO 标准——IEC 27001:2013 信息安全管理体系—— 要求 Reference number ISO/IEC 27001:2013(E) © ISO/IEC 20 13 – All rights reserved 2 ISO/IEC 27001:2013(E) 1 范围 1 Scope 本国际标准规定了在组织背景下建立、 This International Standard specifies the requirements for 实施、维护和持续改进信息安全管理体 establishing, implementing, maintaining and continually improving 系。本标准还包括信息安全风险评估和 an information security management system within the context 处置要求，可裁剪以适用于组织。本国 of the organization. This International Standard also includes 际标准的要求是通用的，适用于所有的 requirements for the assessment and treatment of information security risks 组织，不考虑类型、规模和特征。当组 tailored to the needs of the organization. The requirements set out in this 织声称符合本国际标准时，任何条款 International Standard are generic and are intended to be applicable to 4-10 的排除是不可接受的。 all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this International Standard. 2 规范性引用文件 2 Normative references 下列参考文件是本文件的标准参考，也 The following documents, in whole or in part, are normatively 是应用本文件必不可缺的。对于标注日 referenced in this document and are indispensable for its 期的引用文件，仅适用于引用版本。对 application. For dated references, only the edition cited 于不标注日期的引用文件，适用于最新 app