GB/T 22080-2008
Information technology.Security techniques.Information security management systems.Requirements (English Version)

Standard No.
GB/T 22080-2008
Language
Chinese, Available in English version
Release Date
2008
Published By
General Administration of Quality Supervision, Inspection and Quarantine of the People‘s Republic of China
Status
 2017-03
Replace By
GB/T 22080-2016
Latest
GB/T 22080-2016
Scope
This International Standard is applicable to all types of organizations (eg, commercial enterprises, government agencies, not-for-profit organizations). This International Standard specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) from the perspective of the organization's overall business risk. It specifies requirements for the implementation of security controls tailored to suit the needs of different organizations or their departments. The ISMS should be designed to ensure that appropriate and appropriate security controls are selected to adequately protect information assets and give confidence to interested parties. The requirements specified in this International Standard are generic and applicable to organizations of all types, sizes and characteristics. When an organization claims conformity to this International Standard, the requirements of Clauses 4, 5, 6, 7 and 8 cannot be deducted. Any reduction of control measures necessary to meet the risk acceptance criteria must be justified and evidence needs to be provided that the associated risks have been accepted by the responsible personnel. Compliance with this International Standard cannot be claimed unless the exclusion does not affect the organization's ability and/or responsibility to meet the security requirements as determined by the risk assessment and applicable statutory and regulatory requirements.

GB/T 22080-2008 Referenced Document

  • GB/T 22081-2008 Information technology.Security techniques.Code of practice for information security management

GB/T 22080-2008 history

  • 2016 GB/T 22080-2016 Information technology.Security techniques.Information security management systems.Requirements
  • 2008 GB/T 22080-2008 Information technology.Security techniques.Information security management systems.Requirements
Information technology.Security techniques.Information security management systems.Requirements


Copyright ©2024 All Rights Reserved