ISO27001认证 ISO/IEC27001:2005标准在2005年10月公布
发布时间: 2016-05-17 23:46 点击:
ISO27001认证 ISO/IEC27001:2005标准在2005年10月公布
ISO27001 certification ISO/IEC27001:2005 standard published in October 2005
信息安全管理实用规则ISO/IEC27001的前身为英国的BS7799标准,该标准由英国标准协会(BSI)于1995年2月提出,并于1995年5月修订而成的。
Information security management utility rule ISO/IEC27001 formerly known as the UK's BS7799 standard, which was proposed by the British Standards Institute (BSI) in February 1995, and was revised in May 1995.
1999年BSI重新修改了该标准。BS7799分为两个部分:BS7799-1,信息安全管理实施规则 BS7799-2,信息安全管理体系规范。
In 1999, BSI revised the standard. BS7799 is divided into two parts: BS7799-1, information security management implementation rules BS7799-2, information security management system specification.
第一部分对信息安全管理给出建议,供负责在其组织启动、实施或维护安全的人员使用;
In the first part, the information security management is proposed, which is responsible for the use of the personnel in charge of the organization to start, implement or maintain the security;
第二部分说明了建立、实施和文件化信息安全管理体系(ISMS)的要求,规定了根据独立组织的需要应实施安全控制的要求。
The second part describes the establishment, implementation and documentation of the information security management system (ISMS) requirements, the requirements of the independent organization should be implemented in accordance with the requirements of the implementation of security controls.
ISO/IEC27001:2005标准在2005年10月公布,同时取缔了多国采纳的英国标准BS7799-2:2002,ISO/IEC27001:2005 标准以Edward Deming博士提出的“计划-实施-核查-采取行动”循环周期作为制定蓝图,以实现持续改善的目标。I
ISO / iec27001:2005 standard in October 2005 released, while banning the multinational adopted the British standard bs7799-2:2002, ISO / iec27001:2005 standard to Dr. Edward Deming proposed "plan - Implementation - check - act" cycle is formulated as a blueprint, in order to achieve the goal of continuous improvement. I
SO/IEC 27001:2005 标准为所有行业的机构都提供了一套业务工具,协助其避免信息保安的失误,从而降低了相应的风险。正式推行ISO/IEC27001:2005 并取得有关认证的机构将受益匪浅。
27001:2005 SO/IEC standards for all sectors of the agency are provided with a set of business tools to help them avoid the mistakes of information security, thereby reducing the corresponding risk. Formal implementation of ISO/IEC27001:2005 and obtain the relevant certification institutions will benefit a lot.