d) includes a commitment to continual improvement of the information security
management system.
The information security policy shall:
e) be available as documented information;
f) be communicated within the organization; and
g) be available to interested parties, as appropriate.
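a) is appropriate to the purpose of the organization;
b) includes information security objectives (see 6.2) or provides the framework for setting information security objectives;
c) includes a commitment to satisfy applicable requirements related to information security;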
5.3 Organizational roles, responsibilities and authorities
Top management shall ensure that the responsibilities and authorities for roles relevant to
information security are assigned and communicated.
Top management shall assign the responsibility and authority for:
a) ensuring that the information security management system conforms to the
requirements of this International Standard; and
b) reporting on the performance of the information security management system to top
management.
NOTE Top management may also assign responsibilities and authorities for reporting
performance of the information security management system within the organization.