This International Standard specifies the requirements for establishing, implementing, maintaining and continuously improving an information security management system in an organizational environment. This International Standard also includes requirements for information security risk assessment and treatment tailored to the needs of the organization. The requirements specified in this International Standard are generic and applicable to organizations of any type, size or nature. When an organization claims conformity to this International Standard, any requirements specified in clauses 4 to 10 cannot be excluded.
GB/T 22080-2016 Referenced Document
GB/T 29246-2012 Information technology.Security techniques.Information security management systems.Overview and vocabulary
GB/T 22080-2016 history
2016GB/T 22080-2016 Information technology.Security techniques.Information security management systems.Requirements
2008GB/T 22080-2008 Information technology.Security techniques.Information security management systems.Requirements