UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ISO/IEC TS 27006-2

Requirements for bodies providing audit and certification of information security management systems — Part 2: Privacy information management systems

active, Most Current
Buy Now
Organization: ISO
Publication Date: 1 February 2021
Status: active
Page Count: 16
ICS Code (Product and company certification. Conformity assessment): 03.120.20
ICS Code (IT Security): 35.030
scope:

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification.

The requirements contained in this document need to be demonstrated in terms of competence and reliability by anybody providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification.

NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

Document History

ISO/IEC DIS 27006-2
July 18, 2023
Requirements for bodies providing audit and certification of information security management systems — Part 2: Privacy information management systems
This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination...
ISO/IEC TS 27006-2
February 1, 2021
Requirements for bodies providing audit and certification of information security management systems — Part 2: Privacy information management systems
This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination...

References

This document references:
ISO/IEC 17021-1 - Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements
Published by ISO on June 15, 2015
This part of ISO/IEC 17021 contains principles and requirements for the competence, consistency and impartiality of bodies providing audit and certification of all types of management systems....
This document references:
ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by ISO on February 1, 2018
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is...
This document references:
ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements
Published by ISO on October 1, 2013
This International Standard specifies the requirements for establishing, implementing, maintain and continually improving an information security management system within the context of the...
This document references:
ISO/IEC 27006 - Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems AMENDMENT 1
Published by ISO on March 1, 2020
A description is not available for this item.
This document references:
ISO/IEC 27701 - Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines
Published by ISO on August 1, 2019
This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an...
This document is referenced by:
ISO/IEC TR 3445 - Information technology — Cloud computing — Audit of cloud services
Published by ISO on March 1, 2022
This document surveys aspects of the audit of cloud services including: 1) role and responsibilities of parties conducting audit and description of the interactions between the CSC, CSP, and CSN; 2)...
This document is referenced by:
PD ISO/IEC TR 3445 - Information technology - Cloud computing - Audit of cloud services
Published by BSI on April 30, 2022
A description is not available for this item.
This document is referenced by:
ISO/IEC TR 27563 - Security and privacy in artificial intelligence use cases — Best practices
Published by ISO on May 1, 2023
This document specifies test methods and requirements for power cable systems, cables alone and accessories alone, for fixed installations and for rated voltages above 30 kV (Um = 36 kV) up to and...
This document is referenced by:
NPR-ISO/IEC TR 27563 - Security and privacy in artificial intelligence use cases - Best practices
Published by NEN on May 1, 2023
This document outlines best practices on assessing security and privacy in artificial intelligence use cases, covering in particular those published in ISO/IEC TR 24030. The following aspects are...
This document is referenced by:
PD ISO/IEC TR 27563 - Security and privacy in artificial intelligence use cases — Best practices
Published by BSI on June 30, 2023
A description is not available for this item.
View Less
View All
Advertisement