5 Leadership
5.1 Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the
information security management system by:
a) ensuring the information security policy and the information security objectives are
established and are compatible with the strategic direction of the organization;
b) ensuring the integration of the information security management system requirements
into the organization’s processes;
c) ensuring that the resources needed for the information security management system
are available;
d) communicating the importance of effective information security management and of
conforming to the information security management system requirements;
e) ensuring that the information security management system achieves its intended
outcome(s);
f) directing and supporting persons to contribute to the effectiveness of the information
security management system;
g) promoting continual improvement; and
h) supporting other relevant management roles to demonstrate their leadership as it
applies to their areas of responsibility.
5.2 Policy
Top management shall establish an information security policy that:
a) is appropriate to the purpose of the organization;
b) includes information security objectives (see 6.2) or provides the framework for setting
information security objectives;
c) includes a commitment to satisfy applicable requirements related to information
security;