Relationship between the ISO 27701 privacy information management system certification standard and ISO 27001 and ISO 27002
Published: 2020-10-16 15:19
The ISO 27701 privacy information management system certification standard is built on ISO 27001 and ISO 27002. When applying ISO 27701, every occurrence of "information security" in ISO 27001 and ISO 27002 is to be read as "information security and privacy". ISO 27701 itself lists only the additional PIMS-related requirements that still need to be stated after that substitution.
ISO 27002 has 14 control domains, and each control item consists of the control measure, its implementation guidance and other information. After all occurrences of "information security" are replaced with "information security and privacy", ISO 27701 adds supplementary implementation guidance and other information to every ISO 27002 control domain except "Information security aspects of business continuity management"; the control measures themselves are carried over unchanged from ISO 27002 (with only "information security" replaced by "information security and privacy").
