ДСТУ EN ISO/IEC 27001:2022 Информационные технологии. Методы защиты. Системы управления информационной безопасностью. Требования (EN ISO/IEC 27001:2017, IDT; ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:...



ДСТУ EN ISO/IEC 27001:2022
(EN ISO/IEC 27001:2017, IDT; ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015, IDT)

Інформаційні технології. Методи захисту. Системи управління
інформаційною безпекою. Вимоги

 

 
   
 
Не є офіційним виданням.
Офіційне видання розповсюджує національний орган стандартизації
(ДП «УкрНДНЦ» http://uas.gov.ua)

Contents

Foreword

0 Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Context of the organization

4.1 Understanding the оrganization and its context

4.2 Understanding the needs and expectations of interested parties

4.3 Determining the scope of the information security management system

4.4 Information security management system

5 Leadership

5.1 Leadership and commitment

5.2 Policy

5.3 Organizational roles, responsibilities and authorities

6 Planning

6.1 Actions to address risks and opportunities

6.2 Information security objectives and planning to achieve them

7 Support

7.1 Resources

7.2 Competence

7.3 Awareness

7.4 Communication

7.5 Documented information

8 Operation

8.1 Operational planning and control

8.2 Information security risk assessment

8.3 Information security risk treatment

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

9.2 Internal audit

9.3 Management review

10 Improvement

10.1 Nonconformity and corrective action

10.2 Continual improvement

Annex A (normative) Reference control objectives and controls

Bibliography