iso270012013信息安全管理体系要求中英对照版v17.docVIP

1 ISO/IEC 27001:2013(E) ISO 标准——IEC 27001:2013 信息安全管理体系—— 要求 Reference number ISO/IEC 27001:2013(E) ? ISO/IEC 2013 – All rights reserved 2 ISO/IEC 27001:2013(E) 1 范围 1 Scope 本国际标准规定了在组织背景下建立、 This International Standard specifies the requirements for 实施、维护和持续改进信息安全管理体 establishing, implementing, maintaining and continually improving 系。本标准还包括信息安全风险评估和 an information security management system within the context 处置要求，可裁剪以适用于组织。本国 of the organization. This International Standard also includes 际标准的要求是通用的，适用于所有的 requirements for the assessment and treatment of information security risks 组织，不考虑类型、规模和特征。当组 tailored to the needs of the organization. The requirements set out in this 织声称符合本国际标准时，任何条款 International Standard are generic and are intended to be applicable to 4-10的排除是不可接受的。 all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this International Standard. 2 规范性引用文件 2 Normative references 下列参考文件是本文件的标准参考，也 The following documents, in whole or in part, are normatively 是应用本文件必不可缺的。对于标注日 referenced in this document and are indispensable for its 期的引用文件，仅适用于引用版本。对 application. For dated references, only the edition cited 于不标注日期的引用文件，适用于最新 applies. For undated references, the latest edition of the referenced 版本的引用文件。 document (including any amendments) applies. ISO/IEC 27000，信息技术—安全技术 ISO/IEC 27000, Information technology — Security techniques — —信息安全管理体系－简介和词汇表。 Information security management systems — Overview and vocabulary 3 术语和定义 3 Terms and definitions ＩＳＯ２７０００的术语和定义适用于 For the purposes of this document, the terms and definitions given in 本文件 ISO/IEC 27000 apply. ? ISO/IEC 2013 – All rights reserved 3 ISO/IEC 27001:2013(E) 4. 组织环境 4 Context of the organization 4.1 理解组织及其环境 4.1 Understanding the organization and its context 组织应当确定与信息安全管理体系目的 The organization shall determine external and internal issues 相关联及影响其实现预期结果能力的外 that are relevant to it