标准摘要
[中文适用范围]: 以及基本原则,该标准支持企业在复杂的外包环境中构建安全可信的协作机制,促进对第三方风险的有效管控。其内容侧重于概念性描述与通用原则,不涉及具体技术实施细节,适用于需要制定供应商信息安全策略的各类机构与部门,为后续详细规范的编制与应用奠定理论基础。 ***此介绍可能不准确,请注意参考原文。 [外文原描述]: ISO/IEC 27036-1:2014 is an introductory part of ISO/IEC 27036. It provides an overview of the guidance intended to assist organizations in securing their information and information systems within the context of supplier relationships. It also introduces concepts that are described in detail in the other parts of ISO/IEC 27036. ISO/IEC 27036-1:2014 addresses perspectives of both acquirers and suppliers.
英文名称Information technology - Security techniques - Information security for supplier relationships - Part 1: Overview and concepts