ISO/IEC 27036-2:2022 信息技术 安全技术 供应商关系的信息安全 第2部分：要求

标准编号：ISO/IEC 27036-2:2022

中文名称：信息技术 安全技术 供应商关系的信息安全 第2部分：要求

英文名称：Cybersecurity — Supplier relationships — Part 2: Requirements

发布日期：2022-06

标准范围

ISO/IEC 27036-2:20 22本文件规定了定义、实施、操作、监控、审查、维护和改善供应商和收购方关系的基本信息安全要求。这些要求涵盖产品和服务的任何采购和供应，如制造或组装、业务流程采购、软件和硬件组件、知识流程采购、构建-运营-移交和云计算服务。本文件适用于所有组织，无论其类型、规模和性质如何。为了满足要求，期望组织已经在内部实施了许多基础流程或正在积极计划这样做。这些流程包括但不限于:业务管理、风险管理、运营和人力资源管理以及信息安全。

ISO/IEC 27036-2:2022 This document specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer relationships.
These requirements cover any procurement and supply of products and services, such as manufacturing or assembly, business process procurement, software and hardware components, knowledge process procurement, build-operate-transfer and cloud computing services.
This document is applicable to all organizations, regardless of type, size and nature.
To meet the requirements, it is expected that an organization has internally implemented a number of foundational processes or is actively planning to do so. These processes include, but are not limited to: business management, risk management, operational and human resources management, and information security.

标准预览图