ISO/IEC 27009:2016 信息技术 安全技术 ISO/IEC 27001专业应用 要求

标准编号：ISO/IEC 27009:2016

中文名称：信息技术 安全技术 ISO/IEC 27001专业应用 要求

英文名称：Information technology — Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements

发布日期：2016-06

标准范围

ISO/IEC 27009:2016定义了在任何特定领域（领域、应用领域或市场领域）使用ISO/IEC 27001的要求。它解释了如何包括ISO/IEC 27001中的附加要求，如何完善任何ISO/IEC 27001要求，以及如何包括ISO/IEC 27001:2013附件A中的控制或控制集。它确保附加或改进的要求不与ISO/IEC 27001中的要求冲突。它适用于那些参与制定与ISO/IEC 27001相关的行业特定标准的人。

ISO/IEC 27009:2016 defines the requirements for the use of ISO/IEC 27001 in any specific sector (field, application area or market sector). It explains how to include requirements additional to those in ISO/IEC 27001, how to refine any of the ISO/IEC 27001 requirements, and how to include controls or control sets in addition to ISO/IEC 27001:2013, Annex A.It ensures that additional or refined requirements are not in conflict with the requirements in ISO/IEC 27001.It is applicable to those involved in producing sector-specific standards that relate to ISO/IEC 27001.

标准预览图