(This specification provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS). Adoption of an ISMS is a strategic decision for the organization. The design and implementation of an organization ISMS is influenced by the organization's requirements, options, security requirements, process of use, and the design and structure of the organization. Over time, arrangements and their support systems will change. Therefore, the implementation of ISMS should be consistent with the needs of the organization, eg, a simple environment requires only a simple ISMS solution.
ISO270012005 Chinese version.pdf)