1、 ISO/IEC 2012. CSA Group 2015. All rights reserved. Unauthorized reproduction is strictly prohibited.CAN/CSA-ISO/IEC 27013:15(ISO/IEC 27013:2012, IDT)National Standard of CanadaCAN/CSA-ISO/IEC 27013:15 Information technology Security techniques Guidance on the integrated implementation of ISO/IEC 27
2、001 and ISO/IEC 20000-1(ISO/IEC 27013:2012, IDT)Legal Notice for StandardsCanadian Standards Association (operating as “CSA Group”) develops standards through a consensus standards development process approved by the Standards Council of Canada. This process brings together volunteers representing v
3、aried viewpoints and interests to achieve consensus and develop a standard. Although CSA Group administers the process and establishes rules to promote fairness in achieving consensus, it does not independently test, evaluate, or verify the content of standards.Disclaimer and exclusion of liabilityT
4、his document is provided without any representations, warranties, or conditions of any kind, express or implied, including, without limitation, implied warranties or conditions concerning this documents fitness for a particular purpose or use, its merchantability, or its non-infringement of any thir
5、d partys intellectual property rights. CSA Group does not warrant the accuracy, completeness, or currency of any of the information published in this document. CSA Group makes no representations or warranties regarding this documents compliance with any applicable statute, rule, or regulation.IN NO
6、EVENT SHALL CSA GROUP, ITS VOLUNTEERS, MEMBERS, SUBSIDIARIES, OR AFFILIATED COMPANIES, OR THEIR EMPLOYEES, DIRECTORS, OR OFFICERS, BE LIABLE FOR ANY DIRECT, INDIRECT, OR INCIDENTAL DAMAGES, INJURY, LOSS, COSTS, OR EXPENSES, HOWSOEVER CAUSED, INCLUDING BUT NOT LIMITED TO SPECIAL OR CONSEQUENTIAL DAMA
7、GES, LOST REVENUE, BUSINESS INTERRUPTION, LOST OR DAMAGED DATA, OR ANY OTHER COMMERCIAL OR ECONOMIC LOSS, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER THEORY OF LIABILITY, ARISING OUT OF OR RESULTING FROM ACCESS TO OR POSSESSION OR USE OF THIS DOCUMENT, EVEN IF CSA GROUP HAS
8、BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INJURY, LOSS, COSTS, OR EXPENSES.In publishing and making this document available, CSA Group is not undertaking to render professional or other services for or on behalf of any person or entity or to perform any duty owed by any person or entity to an
9、other person or entity. The information in this document is directed to those who have the appropriate degree of experience to use and apply its contents, and CSA Group accepts no responsibility whatsoever arising in any way from any and all use of or reliance on the information contained in this do
10、cument.CSA Group is a private not-for-profit company that publishes voluntary standards and related documents. CSA Group has no power, nor does it undertake, to enforce compliance with the contents of the standards or other documents it publishes.Intellectual property rights and ownershipAs between
11、CSA Group and the users of this document (whether it be in printed or electronic form), CSA Group is the owner, or the authorized licensee, of all works contained herein that are protected by copyright, all trade-marks (except as otherwise noted to the contrary), and all inventions and trade secrets
12、 that may be contained in this document, whether or not such inventions and trade secrets are protected by patents and applications for patents. Without limitation, the unauthorized use, modification, copying, or disclosure of this document may violate laws that protect CSA Groups and/or others inte
13、llectual property and may give rise to a right in CSA Group and/or others to seek legal redress for such use, modification, copying, or disclosure. To the extent permitted by licence or by law, CSA Group reserves all intellectual property rights in this document.Patent rightsAttention is drawn to th
14、e possibility that some of the elements of this standard may be the subject of patent rights. CSA Group shall not be held responsible for identifying any or all such patent rights. Users of this standard are expressly advised that determination of the validity of any such patent rights is entirely t
15、heir own responsibility.Authorized use of this documentThis document is being provided by CSA Group for informational and non-commercial use only. The user of this document is authorized to do only the following:If this document is in electronic form: load this document onto a computer for the sole
16、purpose of reviewing it; search and browse this document; and print this document if it is in PDF format.Limited copies of this document in print or paper form may be distributed only to persons who are authorized by CSA Group to have such copies, and only if this Legal Notice appears on each such c
17、opy.In addition, users may not and may not permit others to alter this document in any way or remove this Legal Notice from the attached standard; sell this document without authorization from CSA Group; or make an electronic copy of this document.If you do not agree with any of the terms and condit
18、ions contained in this Legal Notice, you may not load or use this document or make any copies of the contents hereof, and if you do make such copies, you are required to destroy them immediately. Use of this document constitutes your acceptance of the terms and conditions of this Legal Notice.Standa
19、rds Update ServiceCAN/CSA-ISO/IEC 27013:15January 2015Title: Information technology Security techniques Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1To register for e-mail notification about any updates to this publication go to shop.csa.ca click on CSA Update Servic
20、eThe List ID that you will need to register for updates to this publication is 2423459.If you require assistance, please e-mail techsupportcsagroup.org or call 416-747-2233.Visit CSA Groups policy on privacy at csagroup.org/legalto find out how we protect your personal information.Canadian Standards
21、 Association (operating as “CSA Group”), under whose auspices this National Standard has been produced, was chartered in 1919 and accredited by the Standards Council of Canada to the National Standards system in 1973. It is a not-for-profit, nonstatutory, voluntary membership association engaged in
22、standards development and certification activities.CSA Group standards reflect a national consensus of producers and users including manufacturers, consumers, retailers, unions and professional organizations, and governmental agencies. The standards are used widely by industry and commerce and often
23、 adopted by municipal, provincial, and federal governments in their regulations, particularly in the fields of health, safety, building and construction, and the environment.Individuals, companies, and associations across Canada indicate their support for CSA Groups standards development by voluntee
24、ring their time and skills to Committee work and supporting CSA Groups objectives through sustaining memberships. The more than 7000 committee volunteers and the 2000 sustaining memberships together form CSA Groups total membership from which its Directors are chosen. Sustaining memberships represen
25、t a major source of income for CSA Groups standards development activities.CSA Group offers certification and testing services in support of and as an extension to its standards development activities. To ensure the integrity of its certification process, CSA Group regularly and continually audits a
26、nd inspects products that bear the CSA Group Mark.In addition to its head office and laboratory complex in Toronto, CSA Group has regional branch offices in major centres across Canada and inspection and testing agencies in eight countries. Since 1919, CSA Group has developed the necessary expertise
27、 to meet its corporate mission: CSA Group is an independent service organization whose mission is to provide an open and effective forum for activities facilitating the exchange of goods and services through the use of standards, certification and related services to meet national and international
28、needs.For further information on CSA Group services, write toCSA Group5060 Spectrum Way, Suite 100Mississauga, Ontario, L4W 5N6CanadaThe Standards Council of Canada (SCC) is the coordinating body of the Canadian standardization network, which is composed of people and organizations involved in the d
29、evelopment, promotion and implementation of standards. Through the collaborative efforts of Canadian standardization network members, standardization is helping to advance the social and economic well-being of Canada and to safeguard the health and safety of Canadians. The networks efforts are overs
30、een by SCC.The principal objectives of SCC are to foster and promote voluntary standardization as a means of advancing the national economy, supporting sustainable development, benefiting the health, safety and welfare of workers and the public, assisting and protecting the consumer, facilitating do
31、mestic and international trade, and furthering international cooperation in relation to standardization.An important facet of the Canadian standards development system is the use of the following principles: consensus; equal access and effective participation by concerned interests; respect for dive
32、rse interests and identification of those who should be afforded access to provide the needed balance of interests; mechanism for dispute resolution; openness and transparency; open access by interested parties to the procedures guiding the standards development process; clarity with respect to the
33、processes; and Canadian interest consideration as the initial basis for the development of standards.A National Standard of Canada (NSC) is a standard prepared or reviewed by an SCC-accredited SDO and approved by the SCC according to NSC approval requirements. Approval does not refer to the technica
34、l content of the standard, as this remains the responsibility of the SDO. An NSC reflects a consensus of a number of capable individuals whose collective interests provide, to the greatest practicable extent, a balance of representation of general interests, producers, regulators, users (including c
35、onsumers) and others with relevant interests, as may be appropriate to the subject at hand. NSCs are intended to make a significant and timely contribution to the Canadian interest.Those who have a need to apply standards are encouraged to use NSCs. These standards are subject to periodic review. Us
36、ers of NSCs are cautioned to obtain the latest edition from the SDO that publishes the standard.The responsibility for approving standards as NSCs rests withStandards Council of Canada270 Albert Street, Suite 200Ottawa, Ontario, K1P 6N7CanadaCette Norme Nationale du Canada nest disponible quen angla
37、is. Le Groupe CSA publiera la version en franais ds quelle sera produite par lorganisme rdacteur.Although the intended primary application of this Standard is stated in its Scope, it is important to note that it remains the responsibility of the users to judge its suitability for their particular pu
38、rpose.TMA trade-mark of the Canadian Standards Association, operating as “CSA Group”ICS 03.080.99; 35.020; 35.040ISBN 978-1-77139-816-9 2015 CSA GroupAll rights reserved. No part of this publication may be reproduced in any form whatsoever without the prior permission of the publisher.Published in J
39、anuary 2015 by CSA Group A not-for-profit private sector organization 5060 Spectrum Way, Suite 100, Mississauga, Ontario, Canada L4W 5N6 To purchase standards and related publications, visit our Online Store at shop.csa.caor call toll-free 1-800-463-6727 or 416-747-4044.TMA trade-mar k of the Canadi
40、an S tandards Association, operating as “CSA Group”Reviewed byPrepared byInternational Organization for Standardization/International Electrotechnical CommissionApproved byInformation technology Security techniques Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1(ISO/IE
41、C 27013:2012, IDT)CAN/CSA-ISO/IEC 27013:15National Standard of CanadaCAN/CSA-ISO/IEC 27013:15Information technology Security techniques Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1January 2015 2015 CSA GroupCSA/5CAN/CSA-ISO/IEC 27013:15Information technology Securit
42、y techniques Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1(ISO/IEC 27013:2012, IDT)CSA PrefaceStandards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Tec
43、hnology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a mem
44、ber of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).For brevity, this Standard will be referred to as “CAN/CSA-ISO/IEC 27013” throughout.At the time of publication, ISO/IEC 27013:2012 is available fro
45、m ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC.This International Standard was reviewed by the TCIT under the jurisdiction of the Strategic Steering Committee on Information Technology and deemed acceptable for use in Canada. From
46、time to time, ISO/IEC may publish addenda, corrigenda, etc. The TCIT will review these documents for approval and publication. For a listing, refer to the Current Standards Activities page at standardsactivities.csa.ca. This Standard has been formally approved, without modification, by the Technical
47、 Committee and has been approved as a National Standard of Canada by the Standards Council of Canada. 2015 CSA GroupAll rights reserved. No part of this publication may be reproduced in any form whatsoever without the prior permission of the publisher. ISO/IEC material is reprinted with permission.
48、Where the words “this International Standard” appear in the text, they should be interpreted as “this National Standard of Canada”.Inquiries regarding this National Standard of Canada should be addressed to CSA Group5060 Spectrum Way, Suite 100, Mississauga, Ontario, Canada, L4W 5N61-800-463-6727 41
49、6-747-4000http:/csa.caCAN/CSA-ISO/IEC 27013:15Information technology Security techniques Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1January 2015 2015 CSA GroupCSA/6To purchase standards and related publications, visit our Online Store at shop.csa.caor call toll-free 1-800-463-6727 or 416-747-4044.This Standard is subject to review five years from the date of publication, and suggestions for its improvement will be referred to the appropriate committee. To submit a proposal for change, please sen
