ISO/IEC 27001:2013(E) © ISO/IEC 2013 – All rights reserved

ISO/IEC 27001:2013 Information security management systems — Requirements

Reference number ISO/IEC 27001:2013(E)

1 Scope

This International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this International Standard.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 27000, Information technology — Security techniques — Information security management systems — Overview and vocabulary.