Contents
01 Information Security Management Manual Promulgation Order
02 Information Security Policy Approval Order
03 Letter of Appointment
04 Company Introduction
1. Purpose and Scope
1.1 General
1.2 Scope
1.3 Statement of Exclusions
2. Referenced Standards
3. Terms and Definitions
3.1 Terms
3.2 Abbreviations
4. Information Security Management System
4.1 General Requirements
4.2 Establishing and Managing the ISMS
4.3 Documentation Requirements
5. Management Responsibility
5.1 Management Commitment
5.2 Resource Management
5.2.3 Related Documents
6. ISMS Internal Audit
6.1 General
6.2 Internal Audit Planning
6.3 Internal Audit Implementation
7. ISMS Management Review
7.1 General
7.2 Review Input
7.3 Review Output
8 ISMS Improvement
8.1 Continual Improvement
8.2 Corrective Action
9. Records
Table A.1 Controlled Document List
Table A.3 Information Security Organization Chart
Table A.4 Description of Information Security Responsibilities
Table A.5 江苏苏州金商科技发展有限公司新点 Organization Chart, December 2008