Removed orphaned tags form BoF
This commit is contained in:
parent
2c59707ef5
commit
405b666055
26 changed files with 21 additions and 71 deletions
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
# Introduction
|
||||
## 0 Introduction
|
||||
|
||||
## 0.1 General
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
# 1 Scope
|
||||
## 1 Scope
|
||||
|
||||
This document specifies the requirements for establishing, implementing, maintaining and continually improving an information
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,2 @@
|
|||
#iso27001/2022/EN
|
||||
## 10.1 Continual improvement
|
||||
|
||||
## 10.1-Continual improvement
|
||||
The organization shall continually improve the suitability, adequacy and effectiveness of the information security management system.
|
||||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
|
||||
## 10.2-Nonconformity-and-corrective action
|
||||
## 10.2 Nonconformity and corrective action
|
||||
|
||||
When a nonconformity occurs, the organization shall:
|
||||
|
|
|
|||
|
|
@ -1,5 +1,3 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
# 2 Normative references
|
||||
## 2-Normative references
|
||||
|
||||
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
|
||||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
# 3 Terms and definitions
|
||||
## 3-Terms-and definitions
|
||||
|
||||
For the purposes of this document, the terms and definitions given in
|
||||
ISO/IEC 27000 apply.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
# 4.2 Understanding the needs and expectations of interested parties
|
||||
|
||||
## 4.2-Understanding-the-needs-and-expectations-of-interested parties
|
||||
The organization shall determine:
|
||||
|
||||
a\) interested parties that are relevant to the information security management system;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
# 4.3 Determining the scope of the information security management system
|
||||
|
||||
## 4.3-Determining-the-scope-of-the-information-security-management system
|
||||
The organization shall determine the boundaries and applicability of the information security management system to establish its scope.
|
||||
|
||||
When determining this scope, the organization shall consider:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,2 @@
|
|||
#iso27001/2022/EN
|
||||
# 4.4 Information security management system
|
||||
|
||||
## 4.4-Information-security-management system
|
||||
The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.
|
||||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
## 5.1 Leadership and commitment
|
||||
|
||||
## 5.1-Leadership-and commitment
|
||||
Top management shall demonstrate leadership and commitment with respect to the information security management system by:
|
||||
|
||||
a\) ensuring the information security policy and the information security objectives are established and are compatible with the strategic direction of the organization;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
## 5.2 Policy
|
||||
|
||||
Top management shall establish an information security policy that:
|
||||
|
||||
a\) is appropriate to the purpose of the organization;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
## 5.3 Organizational roles, responsibilities and authorities
|
||||
|
||||
## 5.3-Organizational-roles-responsibilities-and authorities
|
||||
Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated within the organization.
|
||||
|
||||
Top management shall assign the responsibility and authority for:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
## 6.2 Information security objectives and planning to achieve them
|
||||
|
||||
## 6.2-Information-security-objectives-and-planning-to-achieve them
|
||||
The organization shall establish information security objectives at relevant functions and levels.
|
||||
|
||||
The information security objectives shall:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,2 @@
|
|||
#iso27001/2022/EN
|
||||
## 6.3 Planning of changes
|
||||
|
||||
## 6.3-Planning-of changes
|
||||
When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.
|
||||
|
|
@ -1,4 +1,2 @@
|
|||
#iso27001/2022/EN
|
||||
## 7.1 Resources
|
||||
|
||||
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the information security management system.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,3 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
## 7.2 Competence
|
||||
|
||||
The organization shall:
|
||||
|
|
|
|||
|
|
@ -1,5 +1,3 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
## 7.3 Awareness
|
||||
|
||||
Persons doing work under the organization's control shall be aware of:
|
||||
|
|
|
|||
|
|
@ -1,5 +1,3 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
## 7.4 Communication
|
||||
|
||||
The organization shall determine the need for internal and external communications relevant to the information security management system including:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
## 7.5 Documented information
|
||||
|
||||
## 7.5-Documented information
|
||||
### 7.5.1 General
|
||||
|
||||
The organization's information security management system shall include:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
## 8.1 Operational planning and control
|
||||
|
||||
## 8.1-Operational-planning-and control
|
||||
The organization shall plan, implement and control the processes needed to meet requirements, and to implement the actions determined in Clause 6, by:
|
||||
- establishing criteria for the processes;
|
||||
- implementing control of the processes in accordance with the criteria.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
# Clause 8.2: Information security risk assessment
|
||||
|
||||
## 8.2-Information-security-risk assessment
|
||||
The organization shall perform information security risk assessments at planned intervals or when significant changes are proposed or occur, taking account of the criteria established in [6.1.2a](ISO_27001_OT%206.1.2%20Information%20security%20risk%20assessment.md).
|
||||
|
||||
The organization shall retain documented information of the results of the information security risk assessments.
|
||||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
## 9.1 Monitoring, measurement, analysis and evaluation
|
||||
|
||||
## 9.1 Monitoring measurement analysis and evaluation
|
||||
The organization shall determine:
|
||||
|
||||
a\) what needs to be monitored and measured, including information security processes and controls;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
## 9.2 Internal audit
|
||||
|
||||
## 9.2-Internal audit
|
||||
### 9.2.1 General
|
||||
|
||||
The organization shall conduct internal audits at planned intervals to provide information on whether the information security management system:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
## 9.3 Management review
|
||||
## 9.3-Management review
|
||||
### 9.3.1 General
|
||||
|
||||
Top management shall review the organization\'s information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
#iso27001/2022/EN
|
||||
|
||||
# Foreword
|
||||
## F Foreword
|
||||
|
||||
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
|
||||
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
| Clause | Title |
|
||||
| ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| **F** | **[Foreword](27001/EN/ISO_27001_OT%20F%20Foreword.md)** |
|
||||
| **F** | **[Foreword](27001/EN/c-f-Foreword.md)** |
|
||||
| **0** | **[Introduction](27001/EN/c-0-Introduction.md)** |
|
||||
| **1** | **[Scope](27001/EN/c-1-Scope.md)** |
|
||||
| **2** | **[Normative references](27001/EN/c-2-Normative-references.md)** |
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue