7 Support
7 支持
Resources
7.1 资源
The organization shall determine and provide the resources needed for the establishment,
implementation, maintenance and continual improvement of the information security
management system.
组织应确定并提供建立、实施、保持和持续改进信息安全管理体系所需的资源。
Competence
7.2 能力
The organization shall:
a) determine the necessary competence of person(s) doing work under its control that
affects its information security performance;
b) ensure that these persons are competent on the basis of appropriate education,
training, or experience;
c) where applicable, take actions to acquire the necessary competence, and evaluate the
effectiveness of the actions taken; and
d) retain appropriate documented information as evidence of competence.
组织应:
a) 确定从事影响信息安全执行工作的人员在组织的控制下从事其工作的必要能力;
b) 确保人员在适当教育,培训和经验的基础上能够胜任工作;
c) 适用时,采取措施来获得必要的能力,并评价所采取措施的有效性;
d) 保留适当的文件记录信息作为能力方面的证据。
NOTE Applicable actions may include, for example: the provision of training to, the
mentoring of, or the reassignment of current employees; or the hiring or contracting of
competent persons.
注:例如适当措施可能包括为现有员工提供培训、对其进行指导或重新分配工作;雇用或签
约有能力的人员。
Awareness
7.3 意识
Persons doing work under the organization’s control shall be aware of:
a) the information security policy;
b) their contribution to the effectiveness of the information security management system,
including the benefits of improved information security performance; and
c) the implications of not conforming with the information security management system
requirements.
人员在组织的控制下从事其工作时应意识到:
a) 信息安全方针;