标准摘要
[中文适用范围]: 广泛,不仅适用于信息技术领域,也可延伸至其他依赖外部服务的关键业务环节。整体框架遵循国际通用的信息安全管理体系原则,强调预防为主、持续改进的理念,为组织制定具体的供应商安全管理策略提供了系统化、可操作的参考依据。 [外文原描述]: ISO/IEC 27036-2:2014 specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer relationships. These requirements cover any procurement and supply of products and services, such as manufacturing or assembly, business process procurement, software and hardware components, knowledge process procurement, Build-Operate-Transfer and cloud computing services. These requirements are intended to be applicable to all organizations, regardless of type, size and nature. To meet these requirements, an organization should have already internally implemented a number of foundational processes, or be actively planning to do so. These processes include, but are not limited to, the following: governance, business management, risk management, operational and human resources management, and information security.
英文名称Information technology - Security techniques - Information security for supplier relationships - Part 2: Requirements