标准摘要
[中文适用范围]: 本国际标准规定了在特定领域(部门、专业或市场部门)应用 ISO/IEC 27001 的要求。它阐述了如何将补充要求纳入 ISO/IEC 27001 中的要求,如何细化 ISO/IEC 27001 的要求,以及如何将措施或措施目录作为 ISO/IEC 27001:2013 附录 A 的补充加以考虑。本国际标准确保补充或细化后的要求不与 ISO/IEC 27001 的要求相冲突。本国际标准适用于所有制定与 ISO/IEC 27001 相关的行业特定标准的各方。 [外文原描述]: ISO/IEC 27009:2016 defines the requirements for the use of ISO/IEC 27001 in any specific sector (field, application area or market sector). It explains how to include requirements additional to those in ISO/IEC 27001, how to refine any of the ISO/IEC 27001 requirements, and how to include controls or control sets in addition to ISO/IEC 27001:2013, Annex A. It ensures that additional or refined requirements are not in conflict with the requirements in ISO/IEC 27001. It is applicable to those involved in producing sector-specific standards that relate to ISO/IEC 27001.
英文名称Information technology - Security techniques - Sector-specific application of ISO/IEC 27001 - Requirements