BS EN ISO/IEC 27006:2020
$189.07
Information technology. Security techniques. Requirements for bodies providing audit and certification of information security management systems
| Published By | Publication Date | Number of Pages |
| BSI | 2020 | 48 |
This International Standard specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021ā1 and ISO/IEC 27001 . It is primarily intended to support the accreditation of certification bodies providing ISMS certification.
The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification.
NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 2 | National foreword |
| 4 | European foreword |
| 7 | Foreword |
| 8 | Introduction |
| 9 | 1 Scope 2 Normative references 3 Terms and definitions 4 Principles |
| 10 | 5 General requirements 5.1 Legal and contractual matters 5.2 Management of impartiality 5.2.1 IS 5.2 Conflicts of interest 5.3 Liability and financing 6 Structural requirements 7 Resource requirements 7.1 Competence of personnel |
| 11 | 7.1.1 IS 7.1.1 General considerations 7.1.2 IS 7.1.2 Determination of Competence Criteria |
| 14 | 7.2 Personnel involved in the certification activities 7.2.1 IS 7.2 Demonstration of auditor knowledge and experience |
| 15 | 7.3 Use of individual external auditors and external technical experts 7.3.1 IS 7.3 Using external auditors or external technical experts as part of the audit team 7.4 Personnel records 7.5 Outsourcing |
| 16 | 8 Information requirements 8.1 Public information 8.2 Certification documents 8.2.1 IS 8.2 ISMS Certification documents 8.3 Reference to certification and use of marks 8.4 Confidentiality 8.4.1 IS 8.4 Access to organizational records 8.5 Information exchange between a certification body and its clients 9 Process requirements 9.1 Pre-certification activities 9.1.1 Application |
| 17 | 9.1.2 Application review 9.1.3 Audit programme |
| 18 | 9.1.4 Determining audit time 9.1.5 Multi-site sampling |
| 19 | 9.1.6 Multiple management systems 9.2 Planning audits 9.2.1 Determining audit objectives, scope and criteria |
| 20 | 9.2.2 Audit team selection and assignments 9.2.3 Audit plan |
| 21 | 9.3 Initial certification 9.3.1 IS 9.3.1 Initial certification audit |
| 22 | 9.4 Conducting audits 9.4.1 IS 9.4 General 9.4.2 IS 9.4 Specific elements of the ISMS audit 9.4.3 IS 9.4 Audit report |
| 23 | 9.5 Certification decision 9.5.1 IS 9.5 Certification decision 9.6 Maintaining certification 9.6.1 General 9.6.2 Surveillance activities |
| 24 | 9.6.3 Re-certification |
| 25 | 9.6.4 Special audits 9.6.5 Suspending, withdrawing or reducing the scope of certification 9.7 Appeals 9.8 Complaints 9.8.1 IS 9.8 Complaints 9.9 Client records 10 Management system requirements for certification bodies 10.1 Options 10.1.1 IS 10.1 ISMS implementation 10.2 Option A: General management system requirements 10.3 Option B: Management system requirements in accordance with ISO 9001 |
| 26 | Annex A (informative) Knowledge and skills for ISMS auditing and certification |
| 28 | Annex B (normative) Audit time |
| 33 | Annex C (informative) Methods for audit time calculations |
| 37 | Annex D (informative) Guidance for review of implemented ISO/IEC 27001:2013, Annex A controls |
| 45 | Bibliography |
Related products
-
BS EN ISO/IEC 27001:2023 – TC
Tracked Changes. Information security, cybersecurity and privacy protection. Information security management systems. Requirements Published Byā¦
-
BS EN ISO/IEC 27005:2024
Information security, cybersecurity and privacy protection. Guidance on managing information security risks Published By Publicationā¦
-
BS EN ISO 14042:2000
Environmental management. Life cycle management. Life cycle impact assessment Published By Publication Date Number ofā¦
-
BS EN ISO/IEC 27001:2017
Information technology. Security techniques. Information security management systems. Requirements Published By Publication Date Number ofā¦
-
BS EN ISO/IEC 27000:2017
Information technology. Security techniques. Information security management systems. Overview and vocabulary Published By Publication Dateā¦
-
BS ISO/IEC 27006:2011:2012 Edition
Information technology. Security techniques. Requirements for bodies providing audit and certification of information security managementā¦
-
BS EN ISO 4892-2:2006+A1:2009:2010 Edition
Plastics. Methods of exposure to laboratory light sources – Xenon-arc lamps Published By Publication Dateā¦
-
BS EN ISO 14040:1997
Environmental management. Life cycle assessment. Principles and framework Published By Publication Date Number of Pagesā¦
-
BS EN ISO/IEC 27006:2020 2021
Information technology. Security techniques. Requirements for bodies providing audit and certification of information security managementā¦
-
BS ISO/IEC 27001:2022 ExComm:2023 Edition
Expert Commentary for BS ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection. Information security managementā¦
-
BS EN ISO 10993-10:2002:2006 Edition
Biological evaluation of medical devices – Tests for irritation and delayed-type hypersensitivity Published By Publicationā¦
-
BS EN ISO 7540:2010
Ground paprika (Capsicum annuum L.). Specification Published By Publication Date Number of Pages BSI 2010ā¦
-
BS EN ISO/IEC 27006:2020 2021
Information technology. Security techniques. Requirements for bodies providing audit and certification of information security managementā¦
-
BS EN ISO 10140-3:2010+A1:2015
Acoustics. Laboratory measurement of sound insulation of building elements – Measurement of impact sound insulationā¦
-
BS EN ISO 14040:2006
Environmental management. Life cycle assessment. Principles and framework Published By Publication Date Number of Pagesā¦
-
BS EN ISO 4259:2006 2007
Petroleum products. Determination and application of precision data in relation to methods of test Publishedā¦
-
BS EN ISO 14044:2006+A2:2020:2021 Edition
Environmental management. Life cycle assessment. Requirements and guidelines Published By Publication Date Number of Pagesā¦
-
BS EN ISO 9445:2006
Continuously cold-rolled stainless steel narrow strip, wide strip, plate/sheet and cut lengths. Tolerances on dimensionsā¦
-
BS EN ISO 14063:2010
Environmental management. Environmental communication. Guidelines and examples Published By Publication Date Number of Pages BSIā¦
-
BS EN ISO 13268:2023
Thermoplastics piping systems for non-pressure underground drainage and sewerage. Thermoplastics shafts or risers for inspectionā¦
-
BS ISO/IEC 27001:2005/BS 7799-2:2005
Information technology. Security techniques. Information security management systems. Requirements Published By Publication Date Number ofā¦
-
BS EN ISO 10140-5:2010+A1:2014
Acoustics. Laboratory measurement of sound insulation of building elements – Requirements for test facilities andā¦
-
BS EN ISO 10993-4:2002:2006 Edition
Biological evaluation of medical devices – Selection of tests for interactions with blood Published Byā¦
-
BS EN ISO/IEC 27002:2022
Information security, cybersecurity and privacy protection. Information security controls Published By Publication Date Number ofā¦
-
BS EN ISO 11607-1:2017:2018 Edition
Packaging for terminally sterilized medical devices – Requirements for materials, sterile barrier systems and packagingā¦
-
BS EN ISO 3741:2010
Acoustics. Determination of sound power levels and sound energy levels of noise sources using soundā¦
-
BS EN ISO 8502-6:2006
Preparation of steel substrates before application of paints and related products. Tests for the assessmentā¦
-
BS EN ISO 9875:2002 2006
Ships and marine technology. Marine echo-sounding equipment Published By Publication Date Number of Pages BSIā¦
-
BSI 23/30464970 DC 2023
BS EN ISO/IEC 27013:2021/Amd 1 Information security, cybersecurity and privacy protection. Guidance on the integratedā¦
-
BSI 24/30451370 DC:2024 Edition
BS EN ISO/IEC 7816-3:2006/Amd 1 Identification cards ā Integrated circuit cards – Part 3: Cardsā¦
-
BS EN ISO 11607-2:2017:2018 Edition
Packaging for terminally sterilized medical devices – Validation requirements for forming, sealing and assembly processesā¦
-
BS EN ISO 27007:2022
Information security, cybersecurity and privacy protection. Guidelines for information security management systems auditing Published Byā¦
-
BS EN ISO/IEC 27701:2021
Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements andā¦
-
BS EN ISO/IEC 27006-1:2024
Information security, cybersecurity and privacy protection. Requirements for bodies providing audit and certification of informationā¦
-
BS EN ISO 14040:2006+A1:2020
Environmental management. Life cycle assessment. Principles and framework Published By Publication Date Number of Pagesā¦
-
BSI 23/30470501 DC:2023 Edition
BS EN ISO/IEC 27006-1.2. Information technology, cybersecurity and privacy protection. Requirements for bodies providing auditā¦
-
BS EN ISO/IEC 27000:2020
Information technology. Security techniques. Information security management systems. Overview and vocabulary Published By Publication Dateā¦
-
BS EN ISO 14043:2000
Environmental management. Life cycle assessment. Life cycle interpretation Published By Publication Date Number of Pagesā¦
-
BS ISO/IEC 27001:2022
Information security, cybersecurity and privacy protection. Information security management systems. Requirements Published By Publication Dateā¦
-
BS EN ISO 10077-1:2006:2010 Edition
Thermal performance of windows, doors and shutters. Calculation of thermal transmittance – General Published Byā¦
