This standard is based on GB/T 22080-2008 and focuses on the key aspects needed to design and implement a successful information security management system (ISMS). This International Standard describes the ISMS specification and the process for its design, from inception to the generation of an implementation plan. This standard describes the process of obtaining management approval for the implementation of an ISMS, defines a project for the implementation of an ISMS (referred to in this standard as the ISMS project), and provides corresponding guidance on how to plan the ISMS project, resulting in the final ISMS project implementation plan. This International Standard can be used by organizations implementing an ISMS, and is applicable to organizations of all sizes and types (e.g., commercial enterprises, government agencies, not-for-profit organizations). Every organization is unique in its complexity and risks, and its specific requirements will drive the implementation of an ISMS. Smaller organizations will find that the activities mentioned in this standard are applicable to them and can be simplified. Large or complex organizations may find that a hierarchical organizational structure or management system is required in order to effectively manage the activities covered by this International Standard. However, both large and small organizations can apply this International Standard to plan related activities. This standard makes some recommendations and clarifications, but does not specify any requirements. This standard is intended to be used together with GB/T 22080-2008 and GB/T 22081-2008, but it is not intended to modify and/or reduce the requirements specified in GB/T 22080-2008, or to modify and/or reduce the advice provided in GB/T 22081-2008. Therefore, it is inappropriate to claim compliance with this standard.
GB/T 31496-2015 Referenced Document
GB/T 22080-2008 Information technology.Security techniques.Information security management systems.Requirements
GB/T 29246-2012 Information technology.Security techniques.Information security management systems.Overview and vocabulary
GB/T 31496-2015 history
2023: GB/T 31496-2023 Information Technology Security Technical Information Security Management System Guidelines
2015: GB/T 31496-2015 Information technology.Security techniques.Information security management system implementation guidance