ISO/IEC 27009:2020 Information security, cybersecurity and privacy protection - Sector-specific application of ISO/IEC 27001 - Requirements

Standard number: ISO/IEC 27009:2020

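Chinese title (translated): Information security, cybersecurity and privacy protection - Sector-specific application of ISO/IEC 27001 - Requirements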

English title: Information security, cybersecurity and privacy protection — Sector-specific application of ISO/IEC 27001 — Requirements

Publication date: 2020-04

Scope

This document specifies the requirements for creating sector-specific standards that extend ISO/IEC 27001, and complement or amend ISO/IEC 27002 to support a specific sector (domain, application area or market). This document explains how to:
- include requirements in addition to those in ISO/IEC 27001,
- refine or interpret any of the ISO/IEC 27001 requirements,
- include controls in addition to those of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,
- modify any of the controls of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,
- add guidance to or modify the guidance of ISO/IEC 27002.

This document specifies that additional or refined requirements do not invalidate the requirements in ISO/IEC 27001. This document is applicable to those involved in producing sector-specific standards.
