本文件定义了信息安全管理领域的过程参考模型（PRM），该模型符合ISO/IEC 33004中定义的过程参考模型标准（见附录a）。它旨在指导ISO/IEC 27001的用户: -将ISO/IEC 27000:2018第4.3节所述的过程方法纳入ISMS； -从ISMS过程运行的角度来看，与ISO/IEC 27000系列其他标准内完成的所有工作保持一致 -支持用户操作ISMS？本文件是对ISO/IEC 27003以需求为导向的观点的补充，提供了一个可操作的、可扩展的过程- 有针对性的观点。

This document defines a process reference model (PRM) for the domain of information security management, which is meeting the criteria defined in ISO/IEC 33004 for process reference models (see Annex A). It is intended to guide users of ISO/IEC 27001 to: — incorporate the process approach as described by ISO/IEC 27000:2018, 4.3, within the ISMS; — be aligned to all the work done within other standards of the ISO/IEC 27000 family from the perspective of the operation of ISMS processes — support users in the operation of an ISMS?this document is complementing the requirements-oriented perspective of ISO/IEC 27003 with an operational, process-oriented point of view.