
This standard is BS ISO/IEC 27003:2017, Information technology. The previous edition had a project approach with a sequence of activities. This edition instead provides guidance on the requirements, regardless of the order in which they are implemented. ISO/IEC 27003 offers pragmatic explanation with plain-speaking advice and guidance for implementers of ’27001.

It adopts ISO’s new high-level structure and common core management system terms and definitions.

It also complements the other two supporting guidance standards, BS ISO/IEC 27004 (monitoring, measurement, analysis and evaluation) and BS ISO/IEC 27005 (information security risk management). This document provides essential and comprehensive guidance on the requirements for an information security management system (ISMS) as specified in BS EN ISO/IEC 27001, and provides recommendations (‘should’), possibilities (‘can’) and permissions (‘may’) in relation to them. This is a supporting guidance document for the information security management system (ISMS) requirements standard BS EN ISO/IEC 27001.

It is intended for anyone planning to build, operate, audit or certify an ISMS based on BS EN ISO/IEC 27001.
