GB/T 31496-2015
Information technology.Security techniques.Information securitymanagement system implementation guidance (English Version)

Standard No.
GB/T 31496-2015
Language
Chinese, Available in English version
Release Date
2015
Published By
General Administration of Quality Supervision, Inspection and Quarantine of the People‘s Republic of China
Status
 2023-12
Replace By
GB/T 31496-2023
Latest
GB/T 31496-2023
Scope
This standard is based on GB/T 22080-2008 and focuses on the key aspects needed to design and implement a successful information security management system (ISMS). This International Standard describes the ISMS specification and the process for its design, from inception to the generation of an implementation plan. This standard describes the process of obtaining management approval for the implementation of ISMS, defines a project for the implementation of ISMS (this standard is called ISMS project), and provides corresponding guidance on how to plan the ISMS project, resulting in the final ISMS project implementation plan . This International Standard can be used by organizations implementing an ISMS, and is applicable to organizations of all sizes and types (eg, commercial enterprises, government agencies, not-for-profit organizations). Every organization is unique in its complexity and risks, and its specific requirements will drive the implementation of an ISMS. Smaller organizations will find that the activities mentioned in this standard are applicable to them and can be simplified. Large or complex organizations may find that a hierarchical organizational structure or management system is required in order to effectively manage the activities covered by this International Standard. However, both large and small organizations can apply this International Standard to plan related activities. This standard makes some recommendations and clarifications, but does not specify any requirements. It is expected to use this standard together with GB/T 22080-2008 and GB/T 22081-2008, but it is not expected to modify and/or reduce the requirements specified in GB/T 22080-2008, or to modify and/or reduce GB/T 22081-2008 provides advice. Therefore, it is inappropriate to claim compliance with this standard.

GB/T 31496-2015 Referenced Document

  • GB/T 22080-2008 Information technology.Security techniques.Information security management systems.Requirements
  • GB/T 29246-2012 Information technology.Security techniques.Information security management systems.Overview and vocabulary

GB/T 31496-2015 history

  • 2023 GB/T 31496-2023 Information Technology Security Technical Information Security Management System Guidelines
  • 2015 GB/T 31496-2015 Information technology.Security techniques.Information securitymanagement system implementation guidance
Information technology.Security techniques.Information securitymanagement system implementation guidance


Copyright ©2024 All Rights Reserved