ISO27001认证 信息安全ISO27001体系PDCA持续改进理论
发布时间: 2015-12-21 17:06 点击:
The theory of PDCA continuous improvement of ISO27001 certification information security
基于PDCA循环框架构建信息安全管理体系,通过规划、设计实施、监控审计、以及持续改进,保证体系运作的有效性和长效性,真正实现信息安全的持续改进和优化,从而保障组织的业务安全。
Based on PDCA cycle framework, information security management system is constructed. Through planning, design and implementation, monitoring and auditing, and continuous improvement, the effectiveness and long-term effectiveness of the system operation are ensured, and the continuous improvement and optimization of information security are truly realized, so as to ensure the business security of the organization.
这也是一套通用的信息安全PDCA循环方法论。无论互联网企业,还是传统的金融行业,都可以采用这种方式。
This is also a general PDCA cycle methodology of information security. No matter the Internet enterprises or the traditional financial industry, this method can be adopted.
标准是固定不变的,但行业的最佳实践各有各的不同。因此,ISO27001体系建设,必须和组织自身情况相结合,不能为了标准符合而限制业务。
Standards are fixed, but industry best practices vary. Therefore, the construction of ISO27001 system must be combined with the situation of the organization itself, and business cannot be restricted for the sake of standard compliance.