ISO 27001:2013 Chinese-English Comparison (20)
Date: 2025-04-25
2) the requirements of this Standard;
b) is effectively implemented and maintained. The organization shall:
c) plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting. The audit programme(s) shall take into consideration the importance of the processes concerned and the results of previous audits;
d) define the audit criteria and scope for each audit;
e) select auditors and conduct audits that ensure objectivity and the impartiality of the
audit process;
f) ensure that the results of the audits are reported to relevant management; and
g) retain documented information as evidence of the audit programme(s) and the audit results.
b) is effectively implemented and maintained. The organization shall:
c) plan, establish, implement and maintain an audit programme, including frequency, methods, responsibilities, planning requirements and reporting. The audit programme shall take into consideration the importance of the processes concerned and the results of previous audits;
d) define the audit criteria and audit scope for each audit;
e) the selection of auditors and the conduct of audits shall ensure the objectivity and impartiality of the audit process;
f) ensure that the audit results are reported to the relevant management;
g) retain documented information as evidence of the audit programme and the audit results.
9.3 Management review
Top management shall review the organization's information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness. The management review shall include consideration of:
Management shall review the organization's information security management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness. The management review shall include consideration of the following:
a) the status of actions from previous management reviews;
b) changes in external and internal issues that are relevant to the information security management system;
c) feedback on the information security performance, including trends in:
1) nonconformities and corrective actions;
2) monitoring and measurement results;
3) audit results;
4) fulfilment of information security objectives;
d) feedback from interested parties;
e) results of risk assessment and status of risk treatment plan; and