GB/T 22080-2025: Cybersecurity technology - Information security management systems - Requirements
Status: Valid
Basic data
Standard ID: GB/T 22080-2025 (GB/T22080-2025)
Description (Translated English): Cybersecurity technology - Information security management systems - Requirements
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 22,233
Date of Issue: 2025-06-30
Date of Implementation: 2026-01-01
Older Standard (superseded by this standard): GB/T 22080-2016
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

This is an excerpt.

ICS 35.030
CCS L80
National Standard of the People's Republic of China
Replaces GB/T 22080-2016
Cybersecurity technology - Information security management systems - Requirements
Released on June 30, 2025
Implementation on January 1, 2026
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of Contents
Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Organizational Environment
4.1 Understanding the organization and its environment
4.2 Understanding the needs and expectations of stakeholders
4.3 Determine the scope of the information security management system
4.4 Information Security Management System
5 Leaders
5.1 Leadership and Commitment
5.2 Guideline
5.3 Organizational roles, responsibilities and authorities
6 Planning
6.1 Measures to address risks and opportunities
6.2 Information security goals and implementation plans
6.3 Planning for Change
7 Support
7.1 Resources
7.2 Capabilities
7.3 Awareness
7.4 Communication
7.5 Documented information
8 Run
8.1 Operational Planning and Control
8.2 Information Security Risk Assessment
8.3 Information Security Risk Management
9 Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal Audit
9.3 Management Review
10 Improvement
10.1 Continuous Improvement
10.2 Nonconformity and Corrective Action
Appendix A (Normative) Information Security Control Reference
Reference

Preface

This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work - Part 1: Structure and drafting rules for standardization documents".

This document replaces GB/T 22080-2016 "Information Technology - Security Technology - Information Security Management System - Requirements". Compared with GB/T 22080-2016, in addition to editorial changes, the main technical changes are as follows:
a) Added "the organization shall determine whether climate change is a relevant matter" (see 4.1);
b) Added "the organization shall determine which requirements will be addressed by the information security management system" [see 4.2 c)];
c) Changed the requirements for the applicability statement in "Information Security Risk Treatment" [see 6.1.3 d); 6.1.3 d) of the 2016 edition];
d) Added the requirement of "Planning for Changes" (see 6.3);
e) Changed the information security control references, including merging some existing controls, adding new controls, and adjusting the way controls are presented (see Appendix A; Appendix A of the 2016 edition).

This document is equivalent to ISO/IEC 27001:2022 "Information security, network security and privacy protection - Information security management system - Requirements".

The following minimal editorial changes have been made to this document:
--- To coordinate with China's technical standards system, the name of the standard was changed to "Cybersecurity technology - Information security management systems - Requirements";
--- Incorporated ISO/IEC 27001:2022/Amd 1:2024 "Information security, network security and privacy protection - Information security management system - Requirements - Amendment 1: Climate action changes". Changes related to climate action are indicated by double vertical lines in the outer margin of the corresponding changed clauses.

Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.

This document is proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).

This document was drafted by: China Electronics Technology Standardization Institute, China National Accreditation Service for Conformity Assessment, China Cybersecurity Review and Accreditation Service Securities and Market Supervision Big Data Center, Beijing Anxin Tianxing Technology Co., Ltd., China Information Security Evaluation Center, Heilongjiang Provincial Cyberspace Research Center, China Electronics Great Wall Internet System Application Co., Ltd., Shandong Provincial Institute of Standardization, AsiaInfo Technologies (Chengdu) Co., Ltd., Shenzhen Tencent Computer Systems Co., Ltd., China Southern Power Grid Digital Grid Group Information Communication Technology Co., Ltd., China National Tobacco Corporation Hubei Province Company, Beijing Tianrongxin Network Security Technology Co., Ltd., Vipshop (China) Co., Ltd., Hangzhou Anheng Information Technology Co., Ltd., Guangzhou Sai Bao Certification Center Service Co., Ltd., China Classification Society Quality Certification Co., Ltd., Beijing CESI Certification Co., Ltd., Venusstar Information Technology Group Co., Ltd., Beijing Zhongjin Cloud Network Technology Co., Ltd., Zhejiang MyBank Co., Ltd., Beijing Times Newway Information Technology Co., Ltd., Northwest Sales Branch of China National Petroleum Corporation.

The main drafters of this document are: Xu Yuna, Fu Zhigao, Wang Bingzheng, Lin Yanghuichen, Youqi, Wei Liru, Zhai Yahong, Chen Qingmin, Lu Li, Yang Jingjing, Wang Yan, Qu Jiaxing, Fang Zhou, Bai Rui, Yang Xiaoxuan, Min Jinghua, Bai Xudong, Wang Jiao, Zhu Xuefeng, Gong Wei, Liao Shuangxiao, Liu Zhenyu, Wang Qiong, Yang Sike, Kou Zengjie, Zhou Yu, Wang Tuo, Lu Li, Sun Yi, Zhao Lihua, Yang Tianshi, Cheng Yan, Shi Yanyu, Wang Lianqiang, Xie Jianlin, Liu Jie, and Yu Huichao.

The previous versions of this document and the documents it replaces are as follows:
--- First published as GB/T 22080-2008 in 2008 and first revised in 2016;
--- This is the second revision.

Introduction

0.1 Overview

This document provides requirements for establishing, implementing, maintaining and continually improving an information security management system. The establishment and implementation of an organization's information security management system is influenced by the organization's needs and goals, security requirements, the processes the organization uses, and its scale and structure. All of these factors may change over time.

The information security management system maintains the confidentiality, integrity and availability of information by applying risk management processes, and establishes confidence that risks are adequately managed.

It is important for organizations to integrate the information security management system into their processes and overall management structure so that it becomes part of the latter. Information security should be considered in the design of the organization's processes, information systems and controls. The information security management system is to be consistent with the needs of the organization.
This document can be used by internal and external parties to assess an organization's ability to meet its information security requirements.

The order in which the requirements are presented in this document does not reflect the importance of each requirement, nor does it imply the order in which these requirements should be implemented. The list items are numbered for ease of reference only.

ISO/IEC 27000 describes the overview and vocabulary of information security management systems and refers to the family of information security management system standards (including ISO/IEC 27003, ISO/IEC 27004 and ISO/IEC 27005), and related terms and definitions.

0.2 Compatibility with other management system standards

This document applies the high-level structure, same clause titles, same text, common terms and core definitions, thus maintaining compatibility with other management system standards that adopt Annex SL.

The common approach defined in Annex SL is useful for organizations that choose to operate a single management system to meet the requirements of multiple management system standards.

Cybersecurity technology - Information security management systems - Requirements

1 Scope

This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of an organization.

The requirements of this document are general and applicable to various

When an organization claims conformity with this document, none of the requirements specified in Chapters 4 to 10 may be excluded.

2 Normative references

The contents of the following documents constitute the essential clauses of this document through normative references in this document. For dated referenced documents, only the version corresponding to that date applies to this document; for undated referenced documents, the latest version (including all amendments) applies to this document.
ISO/IEC 27000 Information technology - Security techniques - Information security management systems - Overview and vocabulary
Note: GB/T 29246-2023 Information security technology - Information security management system overview and vocabulary (ISO/IEC 27000:2018, IDT)

3 Terms and Definitions

For the purposes of this document, the terms and definitions defined in ISO/IEC 27000 apply.

The URLs for terminology databases used for standardization maintained by ISO and IEC are as follows.

4 Organizational Environment

4.1 Understanding the organization and its environment

The organization shall determine external and internal matters that are relevant to its intent and that affect its ability to achieve the intended outcomes of its information security management system.

The organization shall determine whether climate change 1) is a relevant matter.

1) For more information on climate change, see the joint communication of ISO and the International Accreditation Forum (IAF) on adding climate change considerations to management system standards.

Note: For the determination of these matters, see 5.4.1 "Establishing the external and internal environment" in GB/T 24353-2022.

4.2 Understanding the needs and expectations of stakeholders

The organization shall determine:
a) interested parties of the information security management system;
b) the relevant requirements of these interested parties;
c) which requirements will be addressed by the information security management system.

Note 1: Requirements of interested parties include legal, regulatory and contractual obligations.
Note 2: Interested parties may raise requirements related to climate change.

......