SIST ISO/IEC 27001:2013
(Main)Information technology -- Security techniques -- Information security management systems -- Requirements
Information technology -- Security techniques -- Information security management systems -- Requirements
This International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless
of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this International Standard.
Technologies de l'information -- Techniques de sécurité -- Systèmes de management de la sécurité de l'information -- Exigences
L'ISO/CEI 27001:2013 sp�cifie les exigences relatives � l'�tablissement, � la mise en �uvre, � la mise � jour et � l'am�lioration continue d'un syst�me de management de la s�curit� de l'information dans le contexte d'une organisation. Elle comporte �galement des exigences sur l'appr�ciation et le traitement des risques de s�curit� de l'information, adapt�es aux besoins de l'organisation. Les exigences fix�es dans l'ISO/CEI 27001:2013 sont g�n�riques et pr�vues pour s'appliquer � toute organisation, quels que soient son type, sa taille et sa nature. Il n'est pas admis qu'une organisation s'affranchisse de l'une des exigences sp�cifi�es aux Articles 4 � 10 lorsqu'elle revendique la conformit� � l'ISO/CEI 27001:2013.
Informacijska tehnologija - Varnostne tehnike - Sistemi upravljanja informacijske varnosti - Zahteve
Ta mednarodni standard določa zahteve za vzpostavitev, izvajanje, vzdrževanje in nenehno izboljševanje sistema upravljanja informacijske varnosti v okviru organizacije. Ta mednarodni standard zajema tudi zahteve za ocenjevanje in obravnavanje tveganj informacijske varnosti, ki so prilagojene potrebam organizacije. Zahteve, postavljene v tem mednarodnem standardu, so generične in so namenjene uporabi v vseh organizacijah ne glede na vrsto, velikost ali naravo. Izključevanje katere koli zahteve, določene v točkah 4 do 10, ni sprejemljivo, kadar organizacija zagotavlja skladnost s tem mednarodnim standardom.
General Information
Relations
Buy Standard
Standards Content (Sample)
SLOVENSKI STANDARD
SIST ISO/IEC 27001:2013
01-november-2013
Informacijska tehnologija - Varnostne tehnike - Sistemi upravljanja informacijske
varnosti - Zahteve
Information technology -- Security techniques -- Information security management
systems -- Requirements
Technologies de l'information -- Techniques de sécurité -- Systèmes de management de
la sécurité de l'information -- Exigences
Ta slovenski standard je istoveten z: ISO/IEC 27001:2013
ICS:
35.040 Nabori znakov in kodiranje Character sets and
informacij information coding
SIST ISO/IEC 27001:2013 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST ISO/IEC 27001:2013
---------------------- Page: 2 ----------------------
SIST ISO/IEC 27001:2013
INTERNATIONAL ISO/IEC
STANDARD 27001
Second edition
2013-10-01
Information technology — Security
techniques — Information security
management systems — Requirements
Technologies de l’information — Techniques de sécurité — Systèmes
de management de la sécurité de l’information — Exigences
Reference number
ISO/IEC 27001:2013(E)
©
ISO/IEC 2013
---------------------- Page: 3 ----------------------
SIST ISO/IEC 27001:2013
ISO/IEC 27001:2013(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2013 – All rights reserved
---------------------- Page: 4 ----------------------
SIST ISO/IEC 27001:2013
ISO/IEC 27001:2013(E)
Contents Page
Foreword .iv
0 Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 1
4.1 Understanding the organization and its context . 1
4.2 Understanding the needs and expectations of interested parties . 1
4.3 Determining the scope of the information security management system . 1
4.4 Information security management system . 2
5 Leadership . 2
5.1 Leadership and commitment . 2
5.2 Policy . 2
5.3 Organizational roles, responsibilities and authorities. 3
6 Planning . 3
6.1 Actions to addres
...
ISO/IEC
27001
Information
technology
Security techniques
Information security
management systems
Requirements
Second edition
2013-10-01
---------------------- Page: 1 ----------------------
Our vision Our process
To be the world’s leading provider of high qual- Our standards are developed by experts
ity, globally relevant International Standards all over the world who work on a volunteer
through its members and stakeholders. or part-time basis. We sell International
Standards to recover the costs of organizing
this process and making standards widely
Our mission
available.
ISO develops high quality voluntary
Please respect our licensing terms and
International Standards that facilitate interna-
copyright to ensure this system remains
tional exchange of goods and services, support
independent.
sustainable and equitable economic growth,
If you would like to contribute to the devel-
promote innovation and protect health, safety
opment of ISO standards, please contact the
and the environment.
ISO Member Body in your country:
www.iso.org/iso/home/about/iso_mem-
bers.htm
This document has been prepared by:
Copyright protected document
ISO/IEC JTC 1, Information technology, SC 27,
IT Security techniques. All rights reserved. Unless otherwise speci-
fied, no part of this publication may be repro-
Committee members:
duced or utilized otherwise in any form or
ABNT, AENOR, AFNOR, ANSI, ASI, ASRO, BIS,
by any means, electronic or mechanical,
BSI, BSJ, CODINORM, CYS, DGN, DIN, DS, DSM,
including photocopy, or posting on the inter-
DTR, ESMA, EVS, GOST R, IANOR, ILNAS,
net or intranet, without prior permission.
IMANOR, INDECOPI, INN, IRAM, ISRM, JISC,
Permission can be requested from either ISO
KATS, KAZMEMST, KEBS, MSB, NBN, NEN,
at the address below or ISO’s member body
NSAI, PKN, SA, SABS, SAC, SCC, SFS, SII, SIS,
in the country of the requester:
SIST, SLSI, SN, SNV, SNZ, SPRING SG, SUTN,
© ISO/IEC 2013, Published in Switzerland
TISI, UNI, UNIT, UNMZ, (ISC)2, CCETT, Cloud
security alliance, ECBS, Ecma International,
ISO copyright office
ENISA, EPC, ISACA, ISSEA, ITU, Mastercard,
Case postale 56 • CH-1211 Geneva 20
Mastercard - Europe
Tel. +41 22 749 01 11
Fax. +41 22 749 09 47
This list reflects contributing members at the
E-mail copyright@iso.org
time of publication.
Web www.iso.org
Cover photo credit: ISO/CS, 2013
© ISO/IEC 2013 – All rights reserved
2
---------------------- Page: 2 ----------------------
ISO/IEC 27001:2013
Executive summary
• Organizations of all types and sizes col- continually improving an information
lect, process, store and transmit infor- security management system.
mation in many forms. This information • It can be used by internal and external
is valuable to an organization’s business parties to assess the ability of an orga-
and operations. nization to meet its own information
• In today’s interconnected and mobile security requirements.
world, information is processed us- • Effective information security assures
ing systems and networks that employ management and other stakeholders
state-of-the-art technology. It is vital to that the organization’s assets are safe,
protect this information against both thereby acting as a business enabler.
deliberate and accidental threats and • Other International Standards in the
vulnerabilities. ISO/IEC 27000 family give complemen-
• ISO/IEC 27001 helps organizations to tary advice or requirements on other
keep secure both their information as- aspects of the overall process of manag-
sets and those of their customers. ing information security.
• It provides requirements for establish-
ing, implementing, maintaining and
© ISO/IEC 2013 – All rights reserved
3
---------------------- Page: 3 ----------------------
ISO/IEC 27001:2013
Contents Page
Our vision .2
Our mission .2
Our process .2
Copyright protected document .2
Executive summary .3
Foreword .
...
INTERNATIONAL ISO/IEC
STANDARD 27001
Second edition
2013-10-01
Information technology — Security
techniques — Information security
management systems — Requirements
Technologies de l’information — Techniques de sécurité — Systèmes
de management de la sécurité de l’information — Exigences
Reference number
ISO/IEC 27001:2013(E)
©
ISO/IEC 2013
---------------------- Page: 1 ----------------------
ISO/IEC 27001:2013(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2013 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 27001:2013(E)
Contents Page
Foreword .iv
0 Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 1
4.1 Understanding the organization and its context . 1
4.2 Understanding the needs and expectations of interested parties . 1
4.3 Determining the scope of the information security management system . 1
4.4 Information security management system . 2
5 Leadership . 2
5.1 Leadership and commitment . 2
5.2 Policy . 2
5.3 Organizational roles, responsibilities and authorities. 3
6 Planning . 3
6.1 Actions to address risks and opportunities . 3
6.2 Information security objectives and planning to achieve them . 5
7 Support . 5
7.1 Resources . 5
7.2 Competence .
...
INTERNATIONAL ISO/IEC
STANDARD 27001
Redline version
compares second edition
to first edition
Information technology — Security
techniques — Information security
management systems — Requirements
Technologies de l’information — Techniques de sécurité — Systèmes
de management de la sécurité de l’information — Exigences
Reference number
ISO/IEC 27001:redline:2014(E)
©
ISO/IEC 2014
---------------------- Page: 1 ----------------------
ISO/IEC 27001:redline:2014(E)
IMPORTANT — PLEASE NOTE
This is a mark-up copy and uses the following colour coding:
Text example 1 — indicates added text (in green)
Text example 2 — indicates removed text (in red)
— indicates added graphic figure
— indicates removed graphic figure
1.x . — Heading numbers containg modifications are highlighted in yellow in
the Table of Contents
DISCLAIMER
This Redline version provides you with a quick and easy way to compare the main changes
between this edition of the standard and its previous edition. It doesn’t capture all single
changes such as punctuation but highlights the modifications providing customers with
the most valuable information. Therefore it is important to note that this Redline version is
not the official ISO standard and that the users must consult with the clean version of the
standard, which is the official standard, for implementation purposes.
COPYRIGHT PROTECTED DOCUMENT
© ISO 2014
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2014 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 27001:redline:2014(E)
Contents Page
Foreword .v
0 Introduction .vi
0.1 General .vi
0.2 Process approach .vi
0.3 Compatibility with other management systems . vii
1 Scope . 1
1.1 General . 1
1.2 Application . 1
2 Normative references . 1
3 Terms and definitions . 2
3 4 Terms and definitions Context of the organization . 2
4.1 Understanding the organization and its context . 2
4.2 Understanding the needs and expectations of interested parties . 2
4.3 Determining the scope of the information security management system . 2
4.4 Information security management system . 3
5 Leadershi
...
NORME ISO/CEI
INTERNATIONALE 27001
Deuxième édition
2013-10-01
Technologies de l’information —
Techniques de sécurité — Systèmes
de management de la sécurité de
l’information — Exigences
Information technology — Security techniques — Information
security management systems — Requirements
Numéro de référence
ISO/CEI 27001:2013(F)
©
ISO/CEI 2013
---------------------- Page: 1 ----------------------
ISO/CEI 27001:2013(F)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO/CEI 2013
Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite ni utilisée
sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie, l’affichage sur
l’internet ou sur un Intranet, sans autorisation écrite préalable. Les demandes d’autorisation peuvent être adressées à l’ISO à
l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Version française parue en 2013
Publié en Suisse
ii © ISO/CEI 2013 – Tous droits réservés
---------------------- Page: 2 ----------------------
ISO/CEI 27001:2013(F)
Sommaire Page
Avant-propos .iv
0 Introduction .v
1 Domaine d’application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Contexte de l’organisation . 1
4.1 Compréhension de l’organisation et de son contexte. 1
4.2 Compréhension des besoins et des attentes des parties intéressées . 1
4.3 Détermination du domaine d’application du système de management de la sécurité
de l’information . 2
4.4 Système de management de la sécurité de l’information . 2
5 Leadership . 2
5.1 Leadership et engagement. 2
5.2 Politique . 2
5.3 Rôles, responsabilités et autorités au sein de l’organisation . 3
6 Planification . 3
6.1 Actions liées aux risques et opportunités . 3
6.2 Objectifs de sécurité de l’information et plans pour les atteindre . 5
7 Support . 5
7.1 Ressources .
...
ةيلودلا ةيسايقلا ةفصاوملا
ةينقتورهكلا ةيلودلا ةنجللا /وزـــيأ
00221
ةيمسرلا ةمجرتلا
Official translation
Traditionofficials
تابلطتملا – تامولعملا نمأ ةرادإ مظننملأا تاينقت - تامولعملا ايجولونكت
Information technology — Security techniques — Information security management
systems — Requirements (E)
Technologies de l’information — Techniques de sécurité — Systèmes
de management de la sécurité de l’information — Exigences (F)
يف ةمئاقلا رظنا( ةمجرتلا ةقد تدمتعأ يتلاISO يف ءاضعأ تائيه01نع ةبانلإاب ةيمسر ةيبرع ةمجرتك ارسيوس ،فينج يف ISO ةيزكرملا ةناملأا يف تعبط
.)ii ةحفص
ىعجرملا مقرلا
ISO\IEC 27001:2013 (A)
ةيمسرلا ةمجرتلا
©ISO 2013
---------------------- Page: 1 ----------------------
)ع( 0102/00110 يس يإ يأ/وزيأ
)هيونت( ةيلوئسم ءلاخإ
اذنه ةنعابط ننكمي هنإف Adobe ـل صيخرتلا ةسايس بجومبو ،ةجمدُم طوطخ ىلع )PDF( فلملا اذه يوتحي دق
متي يذلا بوساحلا يف ةلَّمحُمو ةصخرُمهيف ةجمدُملا طوطخلا نكت مل ام هليدعت متي َّلاأ ىلع ،هيلععلاطلاا وأ فلملا
ينف ،Adobe ـل صيخرتلا ةسايسب للاخلإا مدع ةيلوئسم - فلملا اذه ليزنت دنع - فارطلأا لمحتت و.ليدعتلا هيف
.لاجملا اذه لايح ةينوناق ةيلوئسم يأ لمحتت لاوزيلألةماعلا ةيراتركسلا نأنيح
Adobe.ـلا مظنل ةدحتملا ةكرشلل ةلجسم ةيراجت ةملاع Adobe ـلا دعت
ةنماعلا تانمولعملا ننم فنلملا اذنه ءانشنإ ينف ةمدختنسملا مماربلانب ةنصاخلا لينصافتلا نيمج ينلع لوصحلا نكمي
نونكي نأ ينعوُر نيح ،)PDF( ءانشنإ يف ةلخادلا تاريغتملا تن سُح دقف ةعابطلا لجلأو ، )PDF(فلمب ةقلعتملا
، فنلملا اذنهب لنلعتت ةلكنشم يأ شودنح ةنلاح ينفو ، ينيقتلل ةنيلودلا ةنمظنملا ءاضعلأ امئلام فلملا اذه مادختسا
.هاندأ لجسملا ناونعلا ىلع ةماعلا ةيراتركسلا غلابإ ىجرُي
ةفصاوملا تدمتعا يتلا ةيبرعلا سييقتلا تاهج
ندرلأا
ةيندرلأا سيياقملاو تافصاوملا ةسسؤم
تاراملإا
سيياقملاو تافصاوملل تاراملإا ةئيه
رئازجلا
سييقتلل يرئازجلا دهعملا
ةيدوعسلا
سيياقملاو تافصاوملل ةيدوعسلا ةئيهلا
قارعلا
ةيعونلا ةرطيسلاو سييقتلل يزكرملا زاهجلا
تيوكلا
ةعانصلل ةماعلا ةئيهلا
نادوسلا
سيياقملاو تافصاوملل ةينادوسلا ةئيهلا
نميلا
ةدوجلا طبضو سيياقملاو تافصاوملل ةينميلا ةئيهلا
سنوت
ةيعانصلا ةيكلملاو تافصاوملل ينطولا دهعملا
ايروس
ةيروسلا ةيبرعلا سيياقملاو تافصاوملا ةئيه
ايبيل
ةيسايقلا ريياعملاو تافصاوملل ينطولا زكرملا
رصم
ةدوجلاو تافصاوملل ةماعلا ةيرصملا ةئيهلا
رشنلاو عبطلا قوقح ةيامح ةقيثو
©0102وزيأ
ةليسو يأب وأ لكش يأب همادختسا وأ رادصلإا اذه نم ءزج يأ جاتنإ ةداعإ زوجي لا ،كلذ فلاخ دري كل امو .ةظوفحم قوقحلا يمج
دحا وأ هاندأ ناونعلا ىلع ييقتلل ةيلودلا ةمظنملا نم امإ يطخ نذإ نود ةقيقدلا ملافلأاو خسنلا كلذ يف امب ةيكيناكيم وأ ةينورتكلا
.ةبلاطلا ةهجلا ةلود يف ييقتلل ةيلودلا ةمظنملا يف ءاضعلأا تائيهلا
ييقتلل ةيلودلا ةمظنملا ةيكلم قوقح بتكم
01 فينج -Ch-1211- 65 :يديربلا زمرلا
1120000221000 :فتاه
1120000221220 : كاف
copyright@iso.org :ينورتكلا ديرب
www.iso.org :ينورتكللاا قوملا
0100يف ةيبرعلاةخسنلا رشن مت
ارسيوس يف رشنلا مت
© ISO 2013 - ةظوفحم قوقحلا عيمج ii
---------------------- Page: 2 ----------------------
)ع( 0102/00110يس يإ يأ / وزيأ
تايوتحملا
iv .ديهمت
v . ةمدقم 1
0 . لاجملا 0
0 . ةيليمكتلا جارملا 0
0 . فيراعتلاو تاحلطصملا 2
0 . ةأشنملا ةئيب 2
0 . اهتئيب ىف ةأشنملا مهف 0/2
0 . ةينعملا فارطلأا تاعقوتو تاجايتحا مهف 0/2
0 . تامولعملا نمأ ةرادإ ماظن لاجم ديدحت 2/2
0 . تامولعملا نمأ ةرادإ ماظن 2/2
0 . ةدايقلا 6
0 . مازتللااو ةدايقلا 0/6
0 . تاسايسلا 0/6
0 . ةيميظنتلا تاطلسلاو تايلوؤسملاو راودلأا 2/6
2 . طيطختلا 5
2 . رفلاو رطاخملا فادهتسا تاءارجلإا 0/5
2 .
...
SLOVENSKI SIST ISO/IEC 27001
STANDARD
november 2013
Informacijska tehnologija – Varnostne tehnike – Sistemi upravljanja
informacijske varnosti – Zahteve (vključen popravek SIST ISO/IEC
27001:2013/AC101:2014)
Information technology – Security techniques – Information security management
systems – Requirements
Technologies de l'information – Techniques de sécurité – Systèmes de
management de la sécurité de l'information – Exigences
Referenčna oznaka
ICS 35.040 SIST ISO/IEC 27001:2013 (sl)
Nadaljevanje na straneh 2 do 27
© 2014-01. Slovenski inštitut za standardizacijo. Razmnoževanje ali kopiranje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST ISO/IEC 27001 : 2013
NACIONALNI UVOD
Standard SIST ISO/IEC 27001 (sl), Informacijska tehnologija – Varnostne tehnike – Sistemi
upravljanja informacijske varnosti – Zahteve, 2013, ima status slovenskega standarda in je istoveten
mednarodnemu standardu ISO/IEC 27001 (en), Information technology – Security techniques –
Information security management systems – Requirements, druga izdaja, 2013-10-01.
Ta standard preklicuje in nadomešča standard SIST ISO/IEC 27001:2010.
NACIONALNI PREDGOVOR
Mednarodni standard ISO/IEC 27001:2013 je pripravil pododbor združenega tehničnega odbora
Mednarodne organizacije za standardizacijo in Mednarodne elektrotehniške komisije ISO/IEC JTC
1/SC 27 Varnostne tehnike v informacijski tehnologiji.
Slovenski standard SIST ISO/IEC 27001:2013 je prevod mednarodnega standarda ISO/IEC
27001:2013. Slovenski standard SIST ISO/IEC 27001:2013 je pripravil tehnični odbor SIST/TC ITC
Informacijska tehnologija. V primeru spora glede besedila slovenskega prevoda je odločilen izvirni
mednarodni standard v angleškem jeziku.
Odločitev za izdajo tega standarda je dne 25. oktobra 2013 sprejel SIST/TC ITC Informacijska
tehnologija.
ZVEZA S STANDARDI
SIST ISO/IEC 27000 Informacijska tehnologija – Varnostne tehnike – Sistemi upravljanja
informacijske varnosti – Pregled in izrazoslovje
OSNOVA ZA IZDAJO STANDARDA
– privzem standarda ISO/IEC 27001:2013
PREDHODNA IZDAJA
– ISO/IEC 27001:2010, Informacijska tehnologija – Varnostne tehnike – Sistemi upravljanja
informacijske varnosti – Zahteve
OPOMBI
– Povsod, kjer se v besedilu standarda uporablja izraz “mednarodni standard”, v SIST ISO/IEC
27001:2013 to pomeni “slovenski standard”.
– Nacionalni uvod in nacionalni predgovor nista sestavni del standarda.
2
---------------------- Page: 2 ----------------------
SIST ISO/IEC 27001 : 2013
VSEBINA Stran
Predgovor .4
0 Uvod .5
0.1 Splošno.5
0.2 Združljivost z drugimi standardi za sisteme upravljanja.5
1 Področje uporabe .6
2 Zveza s standardi .6
3 Izrazi in definicije .6
4 Okvir organizacije .6
4.1 Razumevanje organizacije in njenega okvira.6
4.2 Razumevanje potreb in pričakovanj zainteresiranih strank.6
4.3 Določitev obsega sistema upravljanja informacijske varnosti .6
4.4 Sistem upravljanja informacijske varnosti .7
5 Voditeljstvo .7
5.1 Voditeljstvo in zavezanost .7
5.2 Politika .7
5.3 Organizacijske vloge, odgovornosti in pooblastila .
...
SLOVENSKI SIST ISO/IEC 27001
STANDARD
november 2013
Informacijska tehnologija – Varnostne tehnike – Sistemi upravljanja
informacijske varnosti – Zahteve
Information technology – Security techniques – Information security management
systems – Requirements
Technologies de l'information – Techniques de sécurité – Systèmes de
management de la sécurité de l'information – Exigences
Referenčna oznaka
ICS 35.040 SIST ISO/IEC 27001:2013 (sl)
Nadaljevanje na straneh 2 do 27
© 2014-01. Slovenski inštitut za standardizacijo. Razmnoževanje ali kopiranje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST ISO/IEC 27001 : 2013
NACIONALNI UVOD
Standard SIST ISO/IEC 27001 (sl), Informacijska tehnologija – Varnostne tehnike – Sistemi
upravljanja informacijske varnosti – Zahteve, 2013, ima status slovenskega standarda in je istoveten
mednarodnemu standardu ISO/IEC 27001 (en), Information technology – Security techniques –
Information security management systems – Requirements, druga izdaja, 2013-10-01.
Ta standard preklicuje in nadomešča standard SIST ISO/IEC 27001:2010.
NACIONALNI PREDGOVOR
Mednarodni standard ISO/IEC 27001:2013 je pripravil pododbor združenega tehničnega odbora
Mednarodne organizacije za standardizacijo in Mednarodne elektrotehniške komisije ISO/IEC JTC
1/SC 27 Varnostne tehnike v informacijski tehnologiji.
Slovenski standard SIST ISO/IEC 27001:2013 je prevod mednarodnega standarda ISO/IEC
27001:2013. Slovenski standard SIST ISO/IEC 27001:2013 je pripravil tehnični odbor SIST/TC ITC
Informacijska tehnologija. V primeru spora glede besedila slovenskega prevoda je odločilen izvirni
mednarodni standard v angleškem jeziku.
Odločitev za izdajo tega standarda je dne 25. oktobra 2013 sprejel SIST/TC ITC Informacijska
tehnologija.
ZVEZA S STANDARDI
SIST ISO/IEC 27000 Informacijska tehnologija – Varnostne tehnike – Sistemi upravljanja
informacijske varnosti – Pregled in izrazoslovje
OSNOVA ZA IZDAJO STANDARDA
– privzem standarda ISO/IEC 27001:2013
PREDHODNA IZDAJA
– ISO/IEC 27001:2010, Informacijska tehnologija – Varnostne tehnike – Sistemi upravljanja
informacijske varnosti – Zahteve
OPOMBI
– Povsod, kjer se v besedilu standarda uporablja izraz “mednarodni standard”, v SIST ISO/IEC
27001:2013 to pomeni “slovenski standard”.
– Nacionalni uvod in nacionalni predgovor nista sestavni del standarda.
2
---------------------- Page: 2 ----------------------
SIST ISO/IEC 27001 : 2013
VSEBINA Stran
Predgovor .4
0 Uvod .5
0.1 Splošno.5
0.2 Združljivost z drugimi standardi za sisteme upravljanja.5
1 Področje uporabe .6
2 Zveza s standardi .6
3 Izrazi in definicije .6
4 Okvir organizacije .6
4.1 Razumevanje organizacije in njenega okvira.6
4.2 Razumevanje potreb in pričakovanj zainteresiranih strank.6
4.3 Določitev obsega sistema upravljanja informacijske varnosti .6
4.4 Sistem upravljanja informacijske varnosti .7
5 Voditeljstvo .7
5.1 Voditeljstvo in zavezanost .7
5.2 Politika .7
5.3 Organizacijske vloge, odgovornosti in pooblastila .
...
SLOVENSKI STANDARD
oSIST ISO/IEC FDIS 27001:2013
01-september-2013
Informacijska tehnologija - Varnostne tehnike - Sistemi upravljanja informacijske
varnosti - Zahteve
Information technology -- Security techniques -- Information security management
systems -- Requirements
Technologies de l'information -- Techniques de sécurité -- Systèmes de management de
la sécurité de l'information -- Exigences
Ta slovenski standard je istoveten z: ISO/IEC FDIS 27001
ICS:
35.040 Nabori znakov in kodiranje Character sets and
informacij information coding
oSIST ISO/IEC FDIS 27001:2013 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
oSIST ISO/IEC FDIS 27001:2013
---------------------- Page: 2 ----------------------
oSIST ISO/IEC FDIS 27001:2013
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
27001
ISO/IEC JTC 1/SC 27
Information technology — Security
Secretariat: DIN
techniques — Information security
Voting begins on:
2013-07-03 management systems — Requirements
Voting terminates on:
Technologies de l’information — Techniques de sécurité — Systèmes
2013-09-03
de management de la sécurité de l’information — Exigences
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO
ISO/IEC FDIS 27001:2013(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN
DARDS TO WHICH REFERENCE MAY BE MADE IN
©
NATIONAL REGULATIONS. ISO/IEC 2013
---------------------- Page: 3 ----------------------
oSIST ISO/IEC FDIS 27001:2013
ISO/IEC FDIS 27001:2013(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2013 – All rights reserved
---------------------- Page: 4 ----------------------
oSIST ISO/IEC FDIS 27001:2013
ISO/IEC FDIS 27001:2013(E)
Contents Page
Foreword .iv
0 Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 1
4.1 Understanding the organization and its context . 1
4.2 Understanding the needs and expectations of interested parties . 1
4.3 Determining the scope of the information security management system . 1
4.4 Information security management system . 2
5 Leadership . 2
5.1 Leadership and commitment . 2
5.2 Polic
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.