ISO/IEC 27001 Ersetzt / Remplace / Replaces: Ausgabe / Edition: SN ISO/IEC 27001:2005 2013-11ICS Code:35.040 Information technology - Security techniques -Information security management systems -Requirements In der vorliegenden Schweizer Norm ist die ISO/IEC 27001:2013 identisch abgedruckt.Dans la présente Norme Suisse le ISO/IEC 27001:2013 est reproduit identiquement.In this Swiss standard ISO/IEC 27001:2013 is reprinted identically. Für diese Norm ist das Normen-Komitee INB/NK 149 << Informationstechnologie >> des interdisziplinären Normenbereichs zuständig.La présente norme est de la compétence du comité de normalisation INB/NK 149 << Technologie de l'information >> du secteurinterdisciplinaire de normalisation.The standardization committee INB/NK 149 << Information technology >> of the interdisciplinary sector is in charge of the present standard. 0012 SNVRef Nr. / No. de réf / No ref.: Herausgeber / Editeur / Editor Vertrieb / Distribution © SNV Anzahl Seiten / Nombre de pages / Number of pages: SNV SchweizerischeNormen-VereinigungBürglistrasse 29CH-8400 WinterthurSNV SchweizerischeNormen-VereinigungBürglistrasse 29CH-8400 WinterthurSN ISO/IEC 27001:2013 en Preisklasse / Classe de prix / Price class: Gültig ab / Valide de / Valid from: 2013-11-0123– Leerseite / Page blanche –Information technology — Security techniques — Information security management systems — Requirements Technologies de l’information — Techniques de sécurité — Systèmes de management de la sécurité de l’information — Exigences © ISO/IEC 2013INTERNATIONAL STANDARDISO/IEC27001 Second edition2013-10-01 Reference numberISO/IEC 27001:2013(E) ISO/IEC 27001:2013(E) ii © ISO/IEC 2013 – All rights reservedCOPYRIGHT PROTECTED DOCUMENT © ISO/IEC 2013All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.ISO copyright officeCase postale 56 • CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 749 09 47E-mail [email protected] www.iso.orgPublished in Switzerland ISO/IEC 27001:2013(E) © ISO/IEC 2013 – All rights reserved iiiContents Page Foreword ........................................................................................................................................................................................................................................ iv 0 Introduction ............................................................................................................................................................................................................... v 1 Scope ................................................................................................................................................................................................................................. 1 2 Normative references ...................................................................................................................................................................................... 1 3 Terms and definitions ..................................................................................................................................................................................... 1 4 Context of the organization ....................................................................................................................................................................... 1 4.1 Understanding the organization and its context ....................................................................................................... 1 4.2 Understanding the needs and expectations of interested parties ..........................................................