
Comparison of the Differences Between ISO 27001:2013 and ISO 27001:2005 series, part 26

Comparison of the Differences Between ISO 27001:2013 and ISO 27001:2005 #26

In its policy requirements, the new version of ISO 27001 no longer distinguishes between "Information security policies" and "ISMS policies"; only "Information security policies" is retained.
The requirements in the main text relating to "Information security policies" are as follows:
5.1 Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the information security management system by:
a) ensuring the information security policy and the information security objectives are established and are compatible with the strategic direction of the organization;

5.2 Policy
Top management shall establish an information security policy that:
a) is appropriate to the purpose of the organization;
b) includes information security objectives (see 6.2) or provides the framework for setting information security objectives;
c) includes a commitment to satisfy applicable requirements related to information security; and
d) includes a commitment to continual improvement of the information security management system.

