When a company makes a strategically important decision, its employees pass through the basic defense mechanism known as the five stages of reacting to change (after E. Kübler-Ross). The famous psychologist once described the grief response and identified its five main stages: denial, anger, bargaining, depression and, finally, acceptance. We have prepared a series of articles on ISO 27001 certification, one for each of these stages. Today we talk about the first one: denial.
Getting an ISO 27001 certificate "for show" is a very dubious pleasure, since it requires time-consuming and costly preparation. Moreover, as our story shows:
Our company provides a full range of outsourced accounting services: bookkeeping and tax accounting, payroll, HR administration and so on. We hold a leading position in the market, in particular because foreign companies with branches in Russia trust us with their confidential information. That applies not only to our clients' financial processes but also to the personal data we handle every day. In this respect, information security is one of our priorities.
In many cases, all the business processes of the Russian division are controlled and prescribed by the foreign company's head office and must comply with the group-wide internal standards. Recently, some of our key clients have begun revising their security policies in the direction of tightening them. Of course, this follows the global trend of growing losses from cyberattacks and information security incidents, and if you have to implement protective measures, policies and procedures aimed at strengthening a company's information security anyway, ISO/IEC 27001 certification can save a lot of money, time and nerves.
Nowadays, requirements for a supplier's existing internal information security are starting to appear in tenders from foreign customers. To simplify verification and unify the approach, some companies set a mandatory evaluation criterion: whether or not the supplier holds ISO/IEC 27001 certification.
Here is what we have seen so far. Three of our key international clients that hold this standard's certification appear to have significantly strengthened their global information security teams. How did we find out? Because we provide them with accounting services and HR administration, they decided to audit our information security management system; accordingly, the security of our information systems matters a great deal to them. The previous audit took place XNUMX years ago, and at that time everything went without the slightest problem.
This time a friendly team of Indians attacked us and skilfully brought to light dozens of gaps in our security management system. The audit process resembled the wheel of samsara: as a matter of principle, reaching a final point did not seem to be a goal of the audit. It was an endless series of questions and comments, our replies and real evidence for them, conference calls and long philosophical conversations, all while trying to make out the accents of the client's IT security team. By the way, the audit continues to this day with varying degrees of intensity, but over time we have come to terms with it. Thus the need for certification arose on its own.
Does it have to be ISO 9001?
Anyone more or less familiar with certification against ISO standards knows that the foundation of this family of standards is ISO 9001, the "Quality management systems" certificate. It is probably the most popular certificate of the entire ISO family today. We did not have it, and we decided not to get it. There were several reasons for this:
- there were doubts about the economic benefit of this certificate for our company;
- most of our internal processes were already close to that standard;
- obtaining this certificate would require additional time and money.
So, rather than starting with the "lighter" ISO 9001, we decided to go straight to 27001.
Or is it not needed yet?
Looking ahead, we returned many times to the question of whether getting it made sense at all. We had no expertise whatsoever, so we started studying the question from every angle. Here are the misconceptions that made us think about it again and again.
誀解ãã®1ã
We expected the standard to hand us a detailed checklist, a list of policies and other legal documents. In fact, ISO/IEC 27001 turned out to be a set of requirements for the information security management system itself and for the process of building it. Given that, we had to decide on our own what to write and implement in our company in order to satisfy the standard's requirements.
誀解ãã®2ã
We naively believed that it would be enough to review XNUMX documents and implement them ourselves in a fairly short time. In fact, while reading the document we discovered how many related standards it refers to and how many of them we would need to become familiar with (at least superficially). The unpleasant part is that the current standards are not in the public domain and had to be purchased from the official ISO website.
誀解ãã®3ã
We were sure that everything needed to prepare for certification could be found in open sources. There is indeed a lot of material about ISO 27001 on the Internet, but it lacked detail. There were almost no clear step-by-step descriptions of preparing for certification, and almost no real examples from companies that had implemented the standard.
誀解ãã®4ã
We will write the policies, but they will not work: after all, our company already has too many rules, and nobody is going to follow another three new policies. In reality, fortunately, our employees approached the task of learning the new rules responsibly and passed the test on their knowledge of the information security management system documentation.
誀解ãã®5ã
At the time, we could not clearly assess what benefits our efforts would bring. Requests for this certificate were not yet that frequent, and we had won our key and most demanding clients long before certification. Experience showed that we could get by without the standard.
At some point we realized that we were plugging newly arising gaps in our clients' requirements in a haphazard way. Each time we came up with some new policy or solution. In the end we came to our own conclusion that systematizing the process is much simpler and, in the long run, saves a lot of labor. The standard was meant to simplify exactly this task.
Now, XNUMX years later, the number of requests and the level of interest in this matter from key international clients are growing.
The final decision.
In conclusion, I think it is fair to say that once our industry leader obtained ISO/IEC 27001 certification, all the other major providers (including us) were forced to think about it. It is unquestionably a nice line in a company's marketing materials: the website, social networks, advertising brochures and so on. That can be considered a pleasant bonus, but is it worth spending so many resources on? We decided that for us it was not just a nice line, and we took on this project.
Source: habr.com