Information technology — Security techniques — Information security management systems — Requirements — Support
6 Support
6.1 Resources
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the information security management system.
6.2 Competence
The organization shall:
a) determine the necessary competence of person(s) doing work under its control that affects its information security performance;
b) ensure that these persons are competent on the basis of appropriate education, training, or experience;
c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; and
d) retain appropriate documented information as evidence of competence.
NOTE Applicable actions can include, for example: the provision of training to, the mentoring of, or the reassignment of current employees; or the hiring or contracting of competent persons.
6.3 Awareness
Persons doing work under the organization’s control shall be aware of:
a) the information security policy;
b) their contribution to the effectiveness of the information security management system, including the benefits of improved information security performance; and
c) the implications of not conforming with the information security management system requirements.