Building on GB/T 19011-2003, this standard provides guidance on the audit principles, audit program management and audit implementation for information security management systems (ISMS), as well as on the competence and evaluation of auditors. It applies to all organizations that need to carry out ISMS internal audits, external audits or audit management.
GB/T 28450-2012 Referenced Documents
GB/T 19000-2008 Quality management systems. Fundamentals and vocabulary
GB/T 19011-2003 Guidelines for quality and/or environmental management systems auditing
GB/T 22080-2008 Information technology. Security techniques. Information security management systems. Requirements
GB/T 22081-2008 Information technology. Security techniques. Code of practice for information security management
GB/T 28450-2012 History
2020: GB/T 28450-2020 Information technology—Security techniques—Guidelines for information security management systems auditing
2012: GB/T 28450-2012 Information security technology. Guidelines for information security management system auditing