GB/T 31496-2015 Information technology—Security techniques—Information security management system implementation guidance
Basic Information
Scope
This standard is based on GB/T 22080-2008 and focuses on the key aspects required for the design and implementation of a successful information security management system (ISMS). This standard describes the ISMS specifications and the process of its design, from the initial stages to the generation of an implementation plan. It outlines the process of obtaining management approval for ISMS implementation, defines a project for ISMS implementation (referred to in this standard as the ISMS project), and provides guidance on how to plan the ISMS project, ultimately resulting in a final ISMS implementation plan.
This standard can be used by organizations implementing an ISMS, and it is suitable for organizations of various sizes and types (e.g., commercial enterprises, government agencies, non-profit organizations). Each organization's complexity and risks are unique, and its specific requirements will drive the implementation of the ISMS. Small organizations will find that the activities described in this standard apply to them and can be simplified. Large or complex organizations may find that a hierarchical organizational structure or management system is needed to manage the activities in this standard effectively. However, both large and small organizations can apply this standard to plan the related activities.
This standard proposes some recommendations and explanations, but does not stipulate any requirements. It is intended to be used in conjunction with GB/T 22080-2008 and GB/T 22081-2008, but it is not expected to modify and/or reduce the requirements specified in GB/T 22080-2008, or to modify and/or reduce the recommendations provided in GB/T 22081-2008. Therefore, it is not appropriate to claim compliance with this standard.