woiyezi 发表于 2014-8-14 17:18:30

ISO 27001 PDCA流程总结

ISO 27001 PDCA流程总结

Plan:
1. Define the scope of the ISMS.
2. Define an ISMS policy.
3. Define the approach to risk assessment.
4. Identify the risks.
5. Assess the risks.
6. Identify and evaluate options for the treatment of risk.
7. Select control objectives and controls.
8. Prepare a statement of applicability (SOA).

Do:
9. Formulate a risk treatment plan.
10. Implement the risk treatment plan.
11. Implement controls.
12. Implement training and awareness programs.
13. Manage operations.
14. Manage resources.
15. Implement procedures to detect and respond to security incidents.

Check:
16. Execute monitoring procedures.
17. Undertake regular reviews of ISMS effectiveness.
18. Review the level of residual and acceptable risk.
19. Conduct internal ISMS audits.
20. Undertake regular management review of the ISMS.
21. Record actions and events that impact an ISMS.

Act:
22. Implement identified improvements.
23. Take corrective or preventive action.
24. Apply lessons learned.
25. Communicate results to interested parties.
26. Ensure improvements achieve objectives.

男3栋 发表于 2014-8-15 09:22:41

ykx123ykx 发表于 2015-2-25 17:36:03

非常感谢!!!!
页: [1]
查看完整版本: ISO 27001 PDCA流程总结