1、 / 27007 2014 ISO/IEC 27007:2011 Information technology - Security techniques - Guidelines for information security management systems auditing (IDT) 2015 / 270072014 II 1 - ( ), - - ( ) - ( ) , 4 2 22 3 11 2014 . 563- 4 / 27007:2011 - . . - (ISO/IEC 27007:2011 Information technology Security tech-n
2、iques Guidelines for information security management systems auditing) - 1.5 ( 3.5) - , - 5 1.02012 ( 8). ( 1 ) , -. () - . , (gost.ru) , 2015 , - / 270072014 III / 27007 / 1, - , 27, . () - / 27001:2005, , , 19011. , -. 19011, - , -, . 19011, , - , 19011 . / 270072014 1 Information technology Secur
3、ity techniques Guidelines for information security management systems auditing 2015 06 01 1 , 19011, - (), . , - - . 2 . . - ( ). 19011:2011 (ISO 19011:2011, Guidelines for auditing management systems) / 27001:20051) . -. . (ISO/IEC 27001:2005, Information technology Security techniques Information
4、security management sys-tems Requirements) / 27000:20092) . -. . (ISO/IEC 27000:2009, Information technology Security techniques Information security management sys-tems Overview and vocabulary) - , 1 , - , , . -, , - (). -, , , , 1) . / 27001:2013. -, , -. 2) . / 27000:2014. -, , -. / 270072014 2 ,
5、 . , , , , - . 3 , 19011 / 27000. 4 , 4 19011:2011. 5 5.1 5.1 19011:2011. - , . 5.1.1 5.1 1) , , . 5.2 5.2 19011:2011. - , . 5.2.1 5.2 () , - . : a) ; b) / 27001; c) , ; d) , . : 1) , ; 2) . 5.3 5.3.1 , 5.3.1 19011:2011. 5.3.2 , 5.3.2 19011:2011. 5.3.3 5.3.3 19011:2011. , . 5.3.3.1 5.3.3 . , - : a)
6、, : 1) , , , ; 1) . / 270072014 3 2) ; 3) , ; b) ( ); c) , ; d) ; e) , , (); f) ; g) , . , - . / 27006:20071) IAF MD 1:2007 7, - . 5.3.4 5.3.4 19011:2011. 5.3.5 5.3.5 19011:2011. 5.3.6 5.3.6 19011:2011. , . 5.3.6.1 5.3.6 , , - . 5.4 5.4.1 5.4.1 19011:2011. , . 5.4.1.1 5.4.1 - , - . 5.4.2 , 5.4.2 19011:2011. , . 5.4.2.1 5.4.2 , , - , . : a) , - ; b) , ; c) . , : 1) ; 2) ; 3) ; 4) - , (. / 27004); 1) . / 27006:2011. -, , -. / 270072014 4 5) ; 6) -, ; 7) , , - ; 8) , -, , . , -, , , - - . , , 1.2 / 27001:2005. , - - . , -
