ДСТУ EN ISO/IEC 27701:2022 Методы безопасности. Расширение ISO/IEC 27001 и ISO/IEC 27002 для управления конфиденциальной информацией. Требования и указания (EN ISO/IEC 27701:2021, IDT; ISO/IEC 27701:2019, IDT...
ДСТУ EN ISO/IEC 27701:2022
(EN ISO/IEC 27701:2021, IDT; ISO/IEC 27701:2019, IDT)
Методи безпеки. Розширення до ISO/IEC 27001 та ISO/IEC 27002
для управління
конфіденційною інформацією. Вимоги та вказівки
Не є офіційним виданням.
Офіційне видання розповсюджує національний орган стандартизації
(ДП «УкрНДНЦ» http://uas.gov.ua)
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
4 General
4.1 Structure of this document
4.2 Application of ISO/IEC 27001:2013 requirements
4.3 Application of ISO/IEC 27002:2013 guidelines
4.4 Customer
5 PIMS-specific requirements related to ISO/IEC 27001
5.1 General
5.2 Context of the organization
5.3 Leadership
5.4 Planning
5.5 Support
5.6 Operation
5.7 Performance evaluation
5.8 Improvement
6 PIMS-specific guidance related to ISO/IEC 27002
6.1 General
6.2 Information security policies
6.3 Organization of information security
6.4 Human resource security
6.5 Asset management
6.6 Access control
6.7 Cryptography
6.8 Physical and environmental security
6.9 Operations security
6.10 Communications security
6.11 Systems acquisition, development and maintenance
6.12 Supplier relationships
6.13 Information security incident management
6.14 Information security aspects of business continuity management
6.15 Compliance
7 Additional ISO/IEC 27002 guidance for PII controllers
7.1 General
7.2 Conditions for collection and processing
7.3 Obligations to PII principals
7.4 Privacy by design and privacy by default
7.5 PII sharing, transfer, and disclosure
8 Additional ISO/IEC 27002 guidance for PII processors
8.1 General
8.2 Conditions for collection and processing
8.3 Obligations to PII principals
8.4 Privacy by design and privacy by default
8.5 PII sharing, transfer, and disclosure
Annex A (normative) PIMS-specific reference control objectives and controls (PII Controllers)
Annex В (normative) PIMS-specific reference control objectives and controls (PII Processors)
Annex C (informative) Mapping to ISO/IEC 29100
Annex D (informative) Mapping to the General Data Protection Regulation
Annex E (informative) Mapping to ISO/IEC 27018 and ISO/IEC 29151
Annex F (informative) How to apply ISO/IEC 27701 to ISO/IEC 27001 and ISO/IEC 27002
Bibliography
Полная версия документа доступна в тарифе «ВСЕ ВКЛЮЧЕНО».