ISO IEC TS 27022-2021.docx

《ISO IEC TS 27022-2021.docx》由会员分享，可在线阅读，更多相关《ISO IEC TS 27022-2021.docx（19页珍藏版）》请在第壹文秘上搜索。

1、ISO/IECTSTECHNICA1.27022SPECIFICATIONeditionFirst2021-03Informationtechno1.ogyGuidanceoninformationsecuritymanagementsystemprocessesCOPYRIGHTPROTECTEDDOCUMENTIS0/1EC2021M11chefivdi1.itedotherwise*ri快ChBxXniEX1.msitRiDhmw;ItmiihrCoPwnR.pnttjuiionpostingontheinternetoranInunnu1.withoutpriorwrittenperm

2、ission.PermissioncanberequestedfromeitherISOatt1.addressbe1.oworISO*smemberhodyinthecountryofth?rrcucstcr.三cB1.andonnct8r,GenevaPhone:t41227490111辆jtc:用洲部砾o.orgPub1.ishedinSwitzer1.andISO/IEC2021-A1.1.rightsreservedContentsPageForewordivIntroductionv2 Scope13 Normativereferences14 Termsanddefinition

3、s15 Structureandusageofthisdocument26 Overview3Managementprocesses.61raI7 6.2Informationsecuritygovernance/managcmentinterfaceprocess.7CorePiaOCeSSOS971GeneI31)7.2 Securitypo1.icymanagementProCeSS97.5 RifqiinietiontBeDunkjgririentapFoseJiqMrocess107.6 Informationsecurityrisktreatmentprocess147.7 Sec

4、urityimp1.ementationmanagementprocess177.8 ProcesstocontFf三三r三csandcomPe1.ence197.9 Informationsecurityincidentmanagementprocess.227.10 Informationsecuritychangemanagementprocess25羽，1.fiW,Wy6ffi)nPr5?.278 7.13Informationsecurityimprovementprocess31Supportprocesses3381raI338.2 Recordscontro1.process3

5、38.3 MMmicationmanQHBraU)C0358.5 Informationsecuritycustomerre1.ationshipmanagementprocess.39AnnexA(informative)Statementofconformityto1SOIEC3300441Bib1.iography“一一“一一M43ForewordISO(theInternationa1.OrganizationforStandardization)andIEC(theInternationa1.E1.ectrotechnica1.(ironnwm&MiJform1.SOthjififi

6、qJatemtfd1.t1.entstartiBtdraatua1.NStudrirdsbodiesthmitteesestab1.ishedbytherespectiveorganizationtodea1.withparticu1.arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interest.Othernj11adonaramtionsrgovernmenta1.andnon-governmenta1.,in1.iaisonwithISOand1EC,a1.soTheprocedu

7、resusedtodeve1.opthisdocumentandthoseintendedforitsfurthermaintenanceare咽6WifetfIH8节es1.9tfIBMn映丽屈.piJtaFA三Htt三ft酮疝or刷Mdcdtheeditoria1.ru1.esofthe1SOIECDirectives.Part2(seewww.iso.org/direc1.ives).曲麻环迎男裆Wn用印品保节麴IJiRa郴a依曲，鸥跟炳Mc曲廨膈出阴胀叫y忸a嘱刚郃*ubjcc1.rights.Detai1.sofanypatentrightsidentifiedduringthede

8、ve1.opmentot4h*domkMw，I1.beintheIntroductionand/orontheISO1.istofPaWHJa)*4kmsreceived(seewww.iso.org/pa1.ents)ortheIEC1.istofpatentdec1.arationsreceived(seePaterHSjeCCh).nytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.tp侬SiOnSeX岬tmbcfcttbwMyam

9、三IenPa用NhdardsNitomantogMoutISCKpodtiaifiUnXihXhdWoHd存Organization(VVrTO)princip1.esintheTechnica1.BarrierstoTrade(TBT),seewww.iso.org/iso/foreword.htm1.砧除喉gSC祕A碎H阐切踊眄楞Bis1.?CUmWeHMM出监XSO/I邮油econ.Wbrmahontechno1.ogy.Anyfeedbackorquestionsonthisdocumentshou1.dbedirectedtotheuser,snationa1.standardsbo

10、dy.Acomp1.ete1.istingofthesebodiescanbefoundatwww.iso.org/members.1.Hm1.IntroductionAninformationsecuritymanagementsystem(ISMS)inc1.udesaco1.1.ectionofinteractingprocessesandfoofrMWdto9nwfa11DgtiMagRroetwhichThidiUtanattaDfYBddSMrQcereJirrmet)noddItraW如escontro1.sinitia1.edbythem.M触器嘲加都骁Ru温晶催de郴F肿斓h

11、epfg蹄潞解国照Mnten?AJCeSSeSpurp1.融中建龈,mapractica1.app1.icationcanrequireadditiona1.e1.ementssuitedtotheenvironmentandcircumstances.ieiJ?限e捣愉fi曲WM箱破加癌麻帼就秋麻魁盛Simp1.iedbyISO/IEC27001.ThePRMAnyorganizationcandefineprocesseswithadditiona1.e1.ementsinordertotai1.orittoitsspecific1P醐蹩g%需小设Ih辖Ki触!甲E&einBF*目。E&S

12、B群FSFgdR1.g第8券部品KRS坦KG假郴海tsISO/IEC2021-A1.1.rightsreservedInformationtechno1.ogyGuidanceoninformationsecuritymanagementsystemprocesses1ScopeThisdocumentdefinesaprocessreferencemode1.(PRM)forthedomainofinformationseritySerti6riaMjEtgOft1.2SOIEC33004forprocessreferencemode1.s(see一incorporatetheprocess

13、approachasdescribedbyISO/IEC27000:2018,4.3.withintheISMS;pt,fc1.f1.tSYifttfifonc15W1standardsoftheISO/IEC27000fami1.yfromthe-supportusersintheoperationofanISMS-thisdocumentiscomp1.ementingtherequirements-orientedperspectiveOf2 Normativereferences1.SO/IEC27003withanoperationa1.process-orientedpointof

14、view.琳砒烟啊唏Uf丽SMhiSr电吃阑ent.前f*11nref圆麻州幽即网用eediQbna1.1.M%p1.ies.由Wtentundatedreferences,the1.atesteditionofthereferenceddocument(inc1.udinganyamendments)app1.ies.桂济瞰一2磁脑ewM成赫山OnM腕眦愣SecuritytechniquesInformationsecuritymanagement3 TermsanddefinitionsForthepurposesofthisdocument,thetermsanddefinitionsgiveninISO/IEC27000andthefo1.1.owingapp1.y.ISOandIECmain1.aintermino1.ogica1.databasesforuseinstandardizationatthefo1.1.owingaddresses：ISOOn1.inebrowsingp1.atform:avai1.ab1.eaihps罚WWWriSOQFgobpJTjIECE1.ectropedia:avai1.ab1.eathttp:/www.e1.ectropedia.org/coreprocessprocessthatde1.iversappar