ISO IEC 27701-2019 中文版

国际标准 ISO/IEC 27701 第一版 2019 -08 安全技术 – 针对ISO/IEC 27001 和ISO/IEC 27002 在隐私信息管理的扩展 - 要求和指南参考编号 ISO/IEC 27701 :2019（E） ©ISO/IEC 2019 ISO/IEC 27701:2019 （E） © ISO/IEC 2019 - 保留所有权利 i 内容页前言 ________________________________ ________________________________ _________________ vii 0 引言 ________________________________ ________________________________ ____________ viii 0.1 总则 ________________________________ ________________________________ _________________ viii 0.2 与其他管理体系的兼容性 ________________________________ _______________________________ viii 1 范围 ________________________________ ________________________________ _____________ 1 2 规范性引用文献 ________________________________ ________________________________ ___ 1 3 术语，定义和缩写 ________________________________ ________________________________ _ 1 3.1 联合PII控制者 ________________________________ ________________________________ ___________ 1 3.2 隐私信息管理体系 PIMS ________________________________ ________________________________ __ 2 4 总则 ________________________________ ________________________________ _____________ 2 4.1 本标准的结构 ________________________________ ________________________________ ___________ 2 4.2 ISO/IEC 27001:2013 要求的应用 ________________________________ ___________________________ 2 4.3 ISO/IEC 27002:2013 指南的应用 ________________________________ ___________________________ 3 4.4 顾客 ________________________________ ________________________________ ___________________ 4 5 与ISO/IEC 27001 相关的 PIMS特定要求 ________________________________ _______________ 4 5.1 总则 ________________________________ ________________________________ ___________________ 4 5.2 组织环境 ________________________________ ________________________________ _______________ 4 5.2.1 理解组织及其环境 ________________________________ ________________________________ _________________ 4 5.2.2 理解相关方的需求和期望 ________________________________ ________________________________ ___________ 5 5.2.3 确定信息安全管理体系的范围 ________________________________ ________________________________ _______ 5 5.2.4 信息安全管理体系 ________________________________ ________________________________ _________________ 5 5.3 领导 ________________________________ ________________________________ ___________________ 5 5.3.1 领导和承诺 ________________________________ ________________________________ _______________________ 5 5.3.2 方针 ________________________________ ________________________________ _____________________________ 5 5.3.3 组织角色，职责和权限 ________________________________ ________________________________ _____________ 5 5.4 规划 ________________________________ ________________________________ ___________________ 6 ISO/IEC 27701:2019(E) （E ） © ISO / IEC 2019 - 保留所有权利 ii 5.4.1 应对风险和机会的措施 ________________________________ ________________________________ _____________ 6 5.4.2 信息安全目标和实现规划 ________________________________ ________________________________ ___________ 7 5.5 支持 ________________________________ ________________________________ ___________________ 7 5.5.1 资源 ________________________________ ________________________________ _____________________________ 7 5.5.2 能力 ________________________________ ________________________________ _____________________________ 7 5.5.3 意识 ________________________________ ________________________________ _____________________________ 7 5.5.4 沟通 ________________________________ ________________________________ _____________________________ 7 5.5.5 文件记录信息 ________________________________ ________________________________ _____________________ 7 5.6 运行 ________________________________ ________________________________ ___________________ 7 5.6.1 运行的规划和控制 ________________________________ ________________________________ _________________ 7 5.7 绩效评价 ________________________________ ________________________________ _______________ 8 5.7.1 监测，测量，分析和评价