×

微信扫一扫,快捷登录!

ISO 27001 PDCA流程总结  

标签: 暂无标签
ISO 27001 PDCA流程总结

Plan:
1. Define the scope of the ISMS.
2. Define an ISMS policy.
3. Define the approach to risk assessment.
4. Identify the risks.
5. Assess the risks.
6. Identify and evaluate options for the treatment of risk.
7. Select control objectives and controls.
8. Prepare a statement of applicability (SOA).

Do:
9. Formulate a risk treatment plan.
10. Implement the risk treatment plan.
11. Implement controls.
12. Implement training and awareness programs.
13. Manage operations.
14. Manage resources.
15. Implement procedures to detect and respond to security incidents.

Check:
16. Execute monitoring procedures.
17. Undertake regular reviews of ISMS effectiveness.
18. Review the level of residual and acceptable risk.
19. Conduct internal ISMS audits.
20. Undertake regular management review of the ISMS.
21. Record actions and events that impact an ISMS.

Act:
22. Implement identified improvements.
23. Take corrective or preventive action.
24. Apply lessons learned.
25. Communicate results to interested parties.
26. Ensure improvements achieve objectives.




上一篇:ITSS:第五批符合性评估专家评审会在北京圆满召开
下一篇:企业该如何选择适合服务器
woiyezi

写了 4 篇文章,拥有财富 7313,被 3 人关注

您需要登录后才可以回帖 登录 | 立即注册
B Color Link Quote Code Smilies
男3栋 该用户已被删除
男3栋 发表于 2014-8-15 09:22:41
提示: 作者被禁止或删除 内容自动屏蔽
ykx123ykx 发表于 2015-2-25 17:36:03
非常感谢!!!!
Powered by IT 运维管理
返回顶部