When creating and updating documented information the organization shall ensure
appropriate:
a) identification and description (e.g. a title, date, author, or reference number);
b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
c) review and approval for suitability and adequacy.
7.5.3 Control of documented information
Documented information required by the information security management system and by
this International Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed; and
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of
integrity).
For the control of documented information, the organization shall address the following
activities, as applicable:
c) distribution, access, retrieval and use;
d) storage and preservation, including the preservation of legibility;
e) control of changes (e.g. version control); and
f) retention and disposition.
Documented information of external origin, determined by the organization to be
necessary for the planning and operation of the information security management system,
shall be identified as appropriate, and controlled.
NOTE Access implies a decision regarding the permission to view the documented
information only, or the permission and authority to view and change the documented
information, etc.