ISO 27001 PDCA Process Summary

Tags: none

Plan:
1. Define the scope of the ISMS.
2. Define an ISMS policy.
3. Define the approach to risk assessment.
4. Identify the risks.
5. Assess the risks.
6. Identify and evaluate options for the treatment of risk.
7. Select control objectives and controls.
8. Prepare a statement of applicability (SOA).

Do:
9. Formulate a risk treatment plan.
10. Implement the risk treatment plan.
11. Implement controls.
12. Implement training and awareness programs.
13. Manage operations.
14. Manage resources.
15. Implement procedures to detect and respond to security incidents.

Check:
16. Execute monitoring procedures.
17. Undertake regular reviews of ISMS effectiveness.
18. Review the level of residual and acceptable risk.
19. Conduct internal ISMS audits.
20. Undertake regular management review of the ISMS.
21. Record actions and events that impact the ISMS.

Act:
22. Implement identified improvements.
23. Take corrective or preventive action.
24. Apply lessons learned.
25. Communicate results to interested parties.
26. Ensure improvements achieve objectives.
woiyezi

Has written 4 articles, holds 7313 wealth, followed by 3 people

ykx123ykx posted on 2015-2-25 17:36:03
Thank you very much!!!!
ITIL先锋论坛