ISO27001标准：2013中英文对照版

ISO标准——IEC 27001:2013信息安全管理体系——要求Reference numberISO/IEC 27001:2013(E1范围 1 Scope本国际标准规定了在组织背景下建立、实施、维护和持续改进信息安全管理体系。

本标准还包括信息安全风险评估和处置要求,可裁剪以适用于组织。

本国际标准的要求是通用的,适用于所有的组织,不考虑类型、规模和特征。

当组织声称符合本国际标准时,任何条款4-10的排除是不可接受的。

This International Standard specifies the requirements for establishing, implementing, maintaining and continually improvingan information security management system within the contextof the organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this International Standard.2 规范性引用文件下列参考文件是本文件的标准参考,也是应用本文件必不可缺的。

iso27001信息安全管理体系英文全文共10篇示例，供读者参考篇1ISO 27001 is like a super important thing when it comes to keeping our information safe. It's a bit like having a secret code to protect all our stuff on the computer.So, have you ever wondered how companies keep our info safe? Well, ISO 27001 is like a superhero that helps them do that. It's a special system that companies use to make sure all our information is safe and secure.First of all, ISO 27001 stands for International Organization for Standardization (ISO) and it's all about making sure companies have a proper system in place to protect their information. It's like having a superpower that can protect all our secrets and keep them safe from bad guys.You see, there are all these rules and guidelines that companies have to follow to get certified with ISO 27001. They have to do things like assess risks, set up security measures, and train their employees on how to keep information safe.Once a company gets certified with ISO 27001, it's like they have a badge of honor that shows they are serious about keeping our information safe. It's like having a special shield that protects all our secrets from getting into the wrong hands.So, next time you see that ISO 27001 badge, remember that it's like having a superhero that's there to protect all our information and keep it safe from the bad guys. ISO 27001 is like our own personal superhero that keeps our secrets safe and sound.篇2ISO 27001 is a super important thing in the world of computers and stuff. It's all about keeping information safe and secure so bad guys can't get in and mess things up. Let me tell you all about it in a cool and fun way!First of all, ISO 27001 is like a secret code that helps companies protect their computer systems and data. It's kind of like a superhero cape that keeps the bad guys away. With ISO 27001, companies make sure their information is safe from hackers, viruses, and all sorts of cyber threats.To get ISO 27001 certified, a company has to do a bunch of things to show they're serious about cybersecurity. They have todo stuff like setting up firewalls, using strong passwords, training employees on how to spot scams, and making sure data is backed up in case something goes wrong.Once a company has done all the things to protect their information, they can get ISO 27001 certified. It's like getting a medal for being a super awesome cyber defender! Customers and partners will see the certification and know that the company takes security seriously.But ISO 27001 isn't just for big companies with lots of cool gadgets. Even small businesses can use ISO 27001 to keep their information safe. It's like having a magical shield that protects everything you care about.So, remember, ISO 27001 is all about keeping information safe and secure in the big world of computers. It's like having your own personal superhero to help protect your data from all the bad guys out there. So, stay safe and remember to always be cyber smart!篇3ISO 27001 is like a superhero that helps keep our information safe! It’s like having a secret shield to protect all our important stuff from bad guys who want to steal it.So, what exactly is ISO 27001? Well, it’s a specia l set of rules and guidelines that businesses use to make sure their information is kept safe and secure. Just like a treasure chest has a lock and key to keep the gold safe, ISO 27001 helps companies make sure their data stays out of the wrong hands.Imagine if your teacher had a secret code that only you and your classmates knew to keep your test scores safe from cheaters. That’s kind of what ISO 27001 does for businesses –it’s like a secret code to protect their secrets.For example, when a company has ISO 27001 certification, it means they have passed a series of tests to prove they are following all the rules to keep their information safe. It’s like getting a gold star for being a good student!But why is ISO 27001 so important? Well, think about all the important information we have nowadays – like our passwords, credit card details, and personal photos. If that information fell into the wrong hands, it could be really bad!By following the rules of ISO 27001, companies can make sure t hat doesn’t happen. They have to do things like keeping their computers and networks secure, training their employees on how to spot hackers, and having a plan in case something goes wrong.So, next time you see a company with an ISO 27001 badge, remember that they are like information guardians, watching over our secrets and making sure they stay safe and sound. ISO 27001 may not wear a cape, but it sure is a hero in the world of information security!篇4ISO27001 is a super important thing in the big, big world of information security. It's like a shield that protects all the secrets and important stuff in a company. So, what is ISO27001? Let me tell you all about it!First of all, ISO27001 is like a rule book that tells companies how to keep their information safe and sound. It's like a superhero that fights off bad guys who want to steal all the secrets. Companies need to follow the rules in ISO27001 to make sure everything is safe and protected.One of the cool things about ISO27001 is that it helps companies identify all the risks that could make their information not safe. Like, imagine if someone left their locker unlocked at school - that's a risk because someone could take their lunch money! ISO27001 helps companies figure out all the things thatcould go wrong so they can fix them before anything bad happens.Another important part of ISO27001 is making sure everyone in the company knows how to keep things safe. Just like we tell our little brothers and sisters not to share their passwords with anyone, ISO27001 tells companies to train their employees on how to keep everything secure. It's like teaching a secret handshake to only the people you trust!And guess what? ISO27001 isn't just for big, grown-up companies - even small companies can use it to keep their information safe. Just like how we learn to lock our bikes even if they're just little tricycles, companies of all sizes can useISO27001 to protect their secrets.In conclusion, ISO27001 is like a big, strong shield that companies use to keep all their secrets safe from bad guys. It helps them identify risks, train their employees, and make sure everything is as safe as can be. So next time you see a company talking about ISO27001, you'll know it's like their own little superhero fighting to keep all the secrets safe and sound!篇5ISO 27001 is a super important thing when we talk about keeping our information safe. It's like a superhero that protects all our secrets and makes sure bad guys can't get them.So, what is ISO 27001? It's basically a set of rules and guidelines that tell us how to keep our information safe. It's like having a big lock on a treasure chest full of precious jewels. ISO 27001 helps us make sure that only the right people can open the chest and see the jewels inside.But how does ISO 27001 work? Well, first we need to identify all the important information that we need to protect. This could be things like our passwords, personal details, or even ourtop-secret plans for a cool new invention. Once we know what we need to protect, we can start putting in place all the safety measures that ISO 27001 tells us to do.For example, ISO 27001 tells us to create strong passwords that are hard for bad guys to guess. It also tells us to encrypt our messages so that even if someone tries to spy on us, they won't be able to understand what we're saying. And ISO 27001 even tells us to have a backup plan in case something goes wrong and we lose our precious information.So, why is ISO 27001 so important? Well, imagine if a bad guy managed to steal all our secrets and use them against us.That would be terrible, right? But with ISO 27001, we can make sure that our secrets are safe and sound, like a dragon guarding its treasure.In conclusion, ISO 27001 is like a superhero that protects all our information from the bad guys. By following its rules and guidelines, we can keep our secrets safe and make sure that only the right people can see them. So remember, when it comes to information security, always trust in ISO 27001 to save the day!篇6ISO27001 is like a super cool superhero that helps keep all our information safe and secure. It's like having a secret shield to protect us from any bad guys who try to steal our secrets or mess with our stuff.So, what exactly is ISO27001? Well, it's basically a set of rules and guidelines that companies can follow to make sure their information is super secure. It's like having a secret code that only the coolest and most trustworthy people know about.ISO27001 covers everything from how to keep passwords safe to making sure our computers are protected from viruses. It's like having a secret weapon that helps us fight off any cyber attacks or online baddies that try to sneak into our systems.And the best part is, ISO27001 is not just for big companies or grown-ups. Even us little kids can learn about it and help keep our information safe. So, next time you see a lock symbol on a website or get a warning about a suspicious email, remember that ISO27001 is there to protect us.So, let's all be like ISO27001 superheroes and make sure our information stays safe and secure. Because when we work together and follow the rules, we can keep the bad guys away and make sure our online world is a happy and safe place for everyone.篇7I am in Primary School and I want to tell you about ISO 27001 Information Security Management System. ISO 27001 is like a superhero that keeps all our information safe and secure. It helps to protect our data, like our photos, videos, and messages, from bad guys who want to steal it.ISO 27001 helps companies and organizations to create a set of rules and procedures to keep all our information safe. They have to check and update these rules regularly to make sure they are still working properly. It's like having a special shield to protect all our information from being hacked or leaked.There are different steps to follow to make sure our information is safe with ISO 27001. First, we need to identify all the information we want to protect. This could be things like our passwords, personal details, or even our favorite games. Then, we need to assess the risks to see how likely it is that someone could get our information. After that, we need to put in place security measures like passwords, firewalls, and encryption to keep our data safe.ISO 27001 also helps us to train our staff and make sure they understand how to keep our information secure. They need to know what to do if they see something suspicious, like an email asking for our password or a strange website trying to get our details. They also need to know how to report any security incidents so they can be dealt with quickly.Overall, ISO 27001 is like a big, powerful shield that protects all our information from harm. It helps us to keep our data safe, so we can enjoy using technology without worrying about our information being stolen. ISO 27001 is our superhero in the digital world, keeping us safe and secure.篇8ISO 27001 is a super cool thing that helps keep all our information safe and secure. It's like a superhero for data! ISO 27001 is all about making sure that companies and organizations have a really strong system in place to protect things like passwords, personal information, and important files.So, how does ISO 27001 work? Well, first off, companies have to do a big ol' risk assessment to figure out where their information might be at risk. This helps them know what areas they need to focus on to keep things safe. Then, they come up with a plan to address those risks and make sure everything is as secure as possible.One of the coolest things about ISO 27001 is that it's not a one-time thing. Companies have to keep working on their information security all the time to make sure it stays strong. They have to monitor for any new risks that might pop up and keep improving their security measures.Having ISO 27001 certification is like having a gold star for your information security. It shows that a company is really serious about keeping data safe and that they have all the right systems in place to do it.So, next time you hear about ISO 27001, remember that it's like a superhero for our data - always fighting off the bad guys and keeping things safe and secure!篇9Title: My Adventure with ISO 27001 Information Security Management SystemHi everyone! Today, I want to share with you my exciting journey into the world of ISO 27001 Information Security Management System. Sounds fancy, right? But don't worry, I'll explain everything in a way that is easy to understand.So, what is ISO 27001? It's basically a set of rules that businesses can follow to keep their information safe and secure. Just like how we lock our diaries to keep our secrets safe, companies use ISO 27001 to protect their important information from getting into the wrong hands.I was first introduced to ISO 27001 when my dad told me that his company was working towards getting certified. He explained to me that it's important for businesses to have strong security measures in place to protect their data from cyber attacks and other threats.I got curious and decided to learn more about it. I found out that ISO 27001 helps companies identify risks to their information and create policies and procedures to manage and reduce those risks. It's like having a superhero team that protects the company's secrets from the bad guys!One of the things I learned is that ISO 27001 requires companies to regularly review and update their security measures. It's like doing a health check-up for the company's information to make sure everything is safe and sound.I also learned that companies need to train their employees on how to handle information securely. Just like how we learn about stranger danger and not to share personal information with strangers, employees need to know how to keep company secrets safe.It was fascinating to see how ISO 27001 helps companies build a culture of security where everyone plays a part in keeping information safe. It's like having a team of detectives working together to solve the mystery of how to keep the bad guys out!I even got to visit my dad's office and see some of the security measures they have in place. They had CCTV cameras, access control systems, and secure passwords just like in a spymovie. It was so cool to see how companies take information security seriously.In the end, I realized that ISO 27001 is like a shield that companies use to protect themselves from the dangers lurking in the digital world. It's not just about keeping information safe, it's about building trust with customers and stakeholders that their data is in good hands.I hope you enjoyed my little adventure with ISO 27001. Remember, just like how we keep our toys safe from our pesky little siblings, companies need to keep their information safe from cyber threats. ISO 27001 is the superhero that helps them do just that!Thanks for listening to my story! Stay safe and remember to always keep your secrets locked up tight. Bye for now!篇10ISO27001 Information Security Management SystemHi everyone! Today let’s talk about ISO27001, which is a super important thing to keep our information safe and secure. ISO27001 is like a superhero that protects our information fromthe bad guys like hackers and thieves. It’s like having a big, strong security guard for all our data!So, what exactly is ISO27001? Well, it’s a set of rules and guidelines that help companies and organizations keep their information safe. It tells them what they need to do to make sure their data is secure, like having strong passwords, making backups of important files, and training employees to be careful with sensitive information.Having ISO27001 in place is like having a shield to protect all our information. It helps companies prevent cyber-attacks, data breaches, and other bad things that can happen when our information is not safe. Just like wearing a helmet when riding a bike to protect your head, ISO27001 helps protect all the important data that companies and organizations have.To get ISO27001, companies have to go through a process called certification. It’s like getting a badge to show that they have good security practices in place. They have to show that they have done everything they can to keep their information safe, like having firewalls to block hackers, encrypting data to make it unreadable to anyone who shouldn’t see it, and having plans in place in case something bad happens.Having ISO27001 certification is like getting a gold star for being super safe and secure with information. It shows that a company takes security seriously and wants to make sure that all the information they have is protected. So, when you see a company with ISO27001 certification, you can feel safe knowing that they are doing everything they can to keep your data secure.In conclusion, ISO27001 is like a superhero that helps keep our information safe and secure. It’s like having a big, strong guardian for all our data. So, let’s all r emember to follow the guidelines of ISO27001 to protect our information and keep it safe from harm. Let’s all be superheroes of information security!。

123456789101112131415161718192021Information technology- Security techniques22-Information security management systems-Requirements 2324信息技术-安全技术-信息安全管理体系-要求25Foreword26前言272829ISO (the International Organization for Standardization) and IEC 30(the International Electro technical Commission) form the 31specialized system for worldwide standardization. National bodies 32that are members of ISO or IEC participate in the development of 33International Standards through technical committees established by 34the respective organization to deal with particular fields of 35technical activity. ISO and IEC technical committees collaborate 36in fields of mutual interest. Other international organizations, 37governmental and non-governmental, in liaison with ISO and IEC, also 38take part in the work. In the field of information technology, ISO 39and IEC have established a joint technical committee, ISO/IEC JTC 1.40ISO（国际标准化组织）和IEC（国际电工委员会）是为国际标准化制定专41门体制的国际组织。

Informationtechnology-Securitytechniques -Informationsecuritymanagementsystems-Requirements信息技术-安全技术-信息安全管理体系-要求Foreword前言ISO(theInternationalOrganizationforStandardization)andIEC(theInternationalElectrote chnicalCommission)formthespecializedsystemforworldwidestandardization.Nationalb odiesthataremembersofISOorIECparticipateinthedevelopmentofInternationalStandard sthroughtechnicalcommitteesestablishedbytherespectiveorganizationtodealwithpartic ularfieldsoftechnicalactivity.ISOandIECtechnicalcommitteescollaborateinfieldsofmutu alinterest.Otherinternationalorganizations,governmentalandnon-governmental,inliaisonwithISOandIEC,alsotakepartinthework.Inthefieldofinformationte chnology,ISOandIEChaveestablishedajointtechnicalcommittee,ISO/IECJTC1.ISO（国际标准化组织）和IEC（国际电工委员会）是为国际标准化制定专门体制的国际组织。

国家机构是ISO或IEC的成员，他们通过各自的组织建立技术委员会参与国际标准的制定，来处理特定领域的技术活动。

国际标准 ISO/IEC 27001第二版 2013-10-01中文翻译版 第0.1版 2013-10-17参考号ISO/IEC 27001:2013（E ）©ISO /IEC 2013信息技术——安全技术——信息安全管理体系——要求受版权保护的文档©ISO/IEC 2013保留所有权利。

除非另有说明，未经事先书面许可，不得通过任何形式或手段进行复制或利用本出版物的任何部分内容，包括电子、机械、影印，或张贴在互联网或企业内部网上。

可通过下面所列的ISO组织地址或ISO成员机构获得许可。

ISO版权办公室Case postale 56 • CH-1211 Geneva 20电话：+ 41 22 749 01 11传真：+ 41 22 749 09 47电子信箱：copyright@网址：瑞士出版翻译说明继ISO/IEC 27000系列文件于2005年发布之后，历经8年的时间，ISO组织终于在日前发布了2013新版。

关注ISO/IEC 27000系列国际标准的读者可以学习并参阅该标准。

为了便于国内读者的阅读和使用，笔者团队利用业余时间自行翻译了本中文版本。

因团队水平有限，其中错误和遗漏之处在所难免。

欢迎各位安全界同仁批评指正。

声明：若因阅读、使用本文而给读者造成的任何形式的损失，本团队不承担任何责任。

本中文版文件的著作权归本团队所有。

本文仅供网上阅读学习之用，亦可通过电子文件复制的方式进行传播。

未经授权，不得用于任何商业目的。

翻译团队：齐芳邮箱：qifang@陆辉邮箱：luhui@刘凯邮箱：liukai@蔡昆邮箱：caikun@贡献者:付峥邮箱：fuzheng@徐特邮箱：xute@目录0介绍............................................................................... x xxv 1范围. (1)2规范性引用 (1)3术语与定义 (1)4组织的环境 (1)4.1理解组织及环境 (1)4.2理解相关方的需求和期望 (1)4.3明确信息安全管理体系的范围 (1)4.4信息安全管理体系 (2)5领导 (2)5.1领导与承诺 (2)5.2方针 (2)5.3组织角色、职责和权力 (2)6计划 (3)6.1处置风险和机遇的活动 (3)6.2信息安全目标和实施计划 (4)7支持 (5)7.1资源 (5)7.2能力 (5)7.3意识 (5)7.4沟通 (5)7.5文档信息 (5)8操作 (6)8.1操作规划和控制 (6)8.2信息安全风险评估 (7)8.3信息安全风险处置 (7)9绩效评价 (7)9.1监测、测量、分析和评价 (7)9.2内部审核 (7)9.3管理评审 (8)10改进 (8)10.1不符合情况和改正措施 (8)10.2持续改进 (9)附录A（引用）参考控制目标和控制措施 (10)参考书目 (20)前言国际标准化组织（ISO）是由各国标准化团体（ISO成员团体）组成的世界性的联合会。

Information technology- Security techniques —Information security management systems-Requirements 信息技术—安全技术-信息安全管理体系-要求Foreword前言ISO (the International Organization for Standardization) and IEC （the International Electro technical Commission）form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity。

ISO and IEC technical committees collaborate in fields of mutual interest。

Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work。

In the field of information technology， ISO and IEC have established a joint technical committee， ISO/IEC JTC 1。

Information technology- Security techniques-Information security management systems-Requirements 信息技术-安全技术-信息安全管理体系-要求Foreword前言ISO (the International Organization for Standardization) and IEC (the International Electro technical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.ISO（国际标准化组织）和IEC（国际电工委员会）是为国际标准化制定专门体制的国际组织。

Information technology- Security techniques-Information security management systems-Requirements信息技术-安全技术-信息安全管理体系-要求Foreword前言ISO (the International Organization for Standardization) and IEC (the International Electro technical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal withparticular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.ISO（国际标准化组织）和IEC（国际电工委员会）是为国际标准化制定专门体制的国际组织。