UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

CEI - UNI EN ISO/IEC 27006

Information technology - Security techniques Requirements for bodies providing audit and certification of information security management systems

active, Most Current
Organization: CEI
Publication Date: 1 June 2021
Status: active
Page Count: 54
ICS Code (Management systems): 03.100.70
ICS Code (IT Security): 35.030
scope:

This International Standard specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification.

The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification.

NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.

Document History

UNI EN ISO/IEC 27006
June 1, 2021
Information technology - Security techniques Requirements for bodies providing audit and certification of information security management systems
This International Standard specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the...

References

This document references:
ISO 19011 - Guidelines for auditing management systems
Published by ISO on July 1, 2018
This document provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the...
This document references:
ISO 9001 - Quality management systems — Requirements
Published by ISO on September 15, 2015
This International Standard specifies requirements for a quality management system when an organization: a) needs to demonstrate its ability to consistently provide products and services that meet...
This document references:
ISO/IEC 17021-1 - Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements
Published by ISO on June 15, 2015
This part of ISO/IEC 17021 contains principles and requirements for the competence, consistency and impartiality of bodies providing audit and certification of all types of management systems....
This document references:
ISO/IEC 27007 - Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
Published by ISO on January 1, 2020
This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance...
This document references:
ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by ISO on February 1, 2018
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is...
This document references:
ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements
Published by ISO on October 1, 2013
This International Standard specifies the requirements for establishing, implementing, maintain and continually improving an information security management system within the context of the...
View Less
View All
Advertisement