(This specification provides a model for establishing, implementing, operating, monitoring, evaluating, maintaining and improving an information security management system (ISMS). Adoption of an ISMS is a strategic decision for the organization. The design and implementation of an ISMS is influenced by the organization's needs, objectives, security needs, process of use, and the design and structure of the organization. Over time, arrangements and their support systems will change. The implementation of ISMS should therefore be consistent with the needs of the arrangement, eg, simple environments requiring only a simple ISMS solution. This document includes the following attachments:
ISO270012005 Chinese version.pdf)