BS EN ISO/IEC 27006:2020 2021
$189.07
Information technology. Security techniques. Requirements for bodies providing audit and certification of information security management systems
| Published By | Publication Date | Number of Pages |
| BSI | 2021 | 48 |
This International Standard specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021ā1 and ISO/IEC 27001 . It is primarily intended to support the accreditation of certification bodies providing ISMS certification.
The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification.
NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 2 | National foreword |
| 6 | European foreword |
| 9 | Foreword |
| 10 | Introduction |
| 11 | 1 Scope 2 Normative references 3 Terms and definitions 4 Principles |
| 12 | 5 General requirements 5.1 Legal and contractual matters 5.2 Management of impartiality 5.2.1 IS 5.2 Conflicts of interest 5.3 Liability and financing 6 Structural requirements 7 Resource requirements 7.1 Competence of personnel |
| 13 | 7.1.1 IS 7.1.1 General considerations 7.1.2 IS 7.1.2 Determination of Competence Criteria |
| 16 | 7.2 Personnel involved in the certification activities 7.2.1 IS 7.2 Demonstration of auditor knowledge and experience |
| 17 | 7.3 Use of individual external auditors and external technical experts 7.3.1 IS 7.3 Using external auditors or external technical experts as part of the audit team 7.4 Personnel records 7.5 Outsourcing |
| 18 | 8 Information requirements 8.1 Public information 8.2 Certification documents 8.2.1 IS 8.2 ISMS Certification documents 8.3 Reference to certification and use of marks 8.4 Confidentiality 8.4.1 IS 8.4 Access to organizational records 8.5 Information exchange between a certification body and its clients 9 Process requirements 9.1 Pre-certification activities 9.1.1 Application |
| 19 | 9.1.2 Application review 9.1.3 Audit programme |
| 20 | 9.1.4 Determining audit time 9.1.5 Multi-site sampling |
| 21 | 9.1.6 Multiple management systems 9.2 Planning audits 9.2.1 Determining audit objectives, scope and criteria |
| 22 | 9.2.2 Audit team selection and assignments 9.2.3 Audit plan |
| 23 | 9.3 Initial certification 9.3.1 IS 9.3.1 Initial certification audit |
| 24 | 9.4 Conducting audits 9.4.1 IS 9.4 General 9.4.2 IS 9.4 Specific elements of the ISMS audit 9.4.3 IS 9.4 Audit report |
| 25 | 9.5 Certification decision 9.5.1 IS 9.5 Certification decision 9.6 Maintaining certification 9.6.1 General 9.6.2 Surveillance activities |
| 26 | 9.6.3 Re-certification |
| 27 | 9.6.4 Special audits 9.6.5 Suspending, withdrawing or reducing the scope of certification 9.7 Appeals 9.8 Complaints 9.8.1 IS 9.8 Complaints 9.9 Client records 10 Management system requirements for certification bodies 10.1 Options 10.1.1 IS 10.1 ISMS implementation 10.2 Option A: General management system requirements 10.3 Option B: Management system requirements in accordance with ISO 9001 |
| 28 | Annex A (informative) Knowledge and skills for ISMS auditing and certification |
| 30 | Annex B (normative) Audit time |
| 35 | Annex C (informative) Methods for audit time calculations |
| 39 | Annex D (informative) Guidance for review of implemented ISO/IEC 27001:2013, Annex A controls |
| 47 | Bibliography |
Related products
-
BS EN ISO 4259-1:2017+A2:2020:2021 Edition
Petroleum and related products. Precision of measurement methods and results – Determination of precision dataā¦
-
BS ISO/IEC 27001:2022 ExComm:2023 Edition
Expert Commentary for BS ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection. Information security managementā¦
-
BS EN ISO 14044:2006+A2:2020:2021 Edition
Environmental management. Life cycle assessment. Requirements and guidelines Published By Publication Date Number of Pagesā¦
-
BS ISO/IEC 27001:2022
Information security, cybersecurity and privacy protection. Information security management systems. Requirements Published By Publication Dateā¦
-
BS EN ISO 10140-2:2010:2011 Edition
Acoustics. Laboratory measurement of sound insulation of building elements – Measurement of airborne sound insulationā¦
-
BS EN ISO 14042:2000
Environmental management. Life cycle management. Life cycle impact assessment Published By Publication Date Number ofā¦
-
BS EN ISO 10062:2008
Corrosion tests in artificial atmosphere at very low concentrations of polluting gas(es) Published By Publicationā¦
-
BSI 23/30470501 DC:2023 Edition
BS EN ISO/IEC 27006-1.2. Information technology, cybersecurity and privacy protection. Requirements for bodies providing auditā¦
-
BS EN ISO 10535:2021
Assistive products. Hoists for the transfer of persons. Requirements and test methods Published By Publicationā¦
-
BS EN ISO 13267:2023
Thermoplastics piping systems for non-pressure underground drainage and sewerage. Thermoplastics inspection chamber and manhole bases.ā¦
-
BS EN ISO/IEC 19790:2020
Information technology. Security techniques. Security requirements for cryptographic modules Published By Publication Date Number ofā¦
-
BS EN ISO 10535:2021
Assistive products. Hoists for the transfer of persons. Requirements and test methods Published By Publicationā¦
-
BS EN ISO 14040:2006+A1:2020
Environmental management. Life cycle assessment. Principles and framework Published By Publication Date Number of Pagesā¦
-
BS EN ISO 27007:2022
Information security, cybersecurity and privacy protection. Guidelines for information security management systems auditing Published Byā¦
-
BS EN ISO 10140-4:2010:2011 Edition
Acoustics. Laboratory measurement of sound insulation of building elements – Measurement procedures and requirements Publishedā¦
-
BS EN ISO/IEC 19790:2020
Information technology. Security techniques. Security requirements for cryptographic modules Published By Publication Date Number ofā¦
-
BS EN ISO 22867:2011:2012 Edition
Forestry and gardening machinery. Vibration test code for portable hand-held machines with internal combustion engine.ā¦
-
BS EN ISO 10535:2021
Assistive products. Hoists for the transfer of persons. Requirements and test methods Published By Publicationā¦
-
BS EN ISO 14043:2000
Environmental management. Life cycle assessment. Life cycle interpretation Published By Publication Date Number of Pagesā¦
-
BS EN ISO/IEC 27005:2024
Information security, cybersecurity and privacy protection. Guidance on managing information security risks Published By Publicationā¦
-
BS EN ISO/IEC 27001:2023 – TC
Tracked Changes. Information security, cybersecurity and privacy protection. Information security management systems. Requirements Published Byā¦
-
BS EN ISO 13268:2023
Thermoplastics piping systems for non-pressure underground drainage and sewerage. Thermoplastics shafts or risers for inspectionā¦
-
BS ISO/IEC 27007:2017
Information technology. Security techniques. Guidelines for information security management systems auditing Published By Publication Dateā¦
-
BS EN ISO 10535:2021
Assistive products. Hoists for the transfer of persons. Requirements and test methods Published By Publicationā¦
-
BS ISO/IEC 27006:2011:2012 Edition
Information technology. Security techniques. Requirements for bodies providing audit and certification of information security managementā¦
-
BS EN ISO/IEC 27006:2020 2021
Information technology. Security techniques. Requirements for bodies providing audit and certification of information security managementā¦
-
BS EN ISO/IEC 27002:2022
Information security, cybersecurity and privacy protection. Information security controls Published By Publication Date Number ofā¦
-
BS EN ISO 11607-1:2017:2018 Edition
Packaging for terminally sterilized medical devices – Requirements for materials, sterile barrier systems and packagingā¦
-
BS EN ISO 10535:2021
Assistive products. Hoists for the transfer of persons. Requirements and test methods Published By Publicationā¦
-
BS EN ISO/IEC 27006-1:2024
Information security, cybersecurity and privacy protection. Requirements for bodies providing audit and certification of informationā¦
-
BS EN ISO 9875:2002 2006
Ships and marine technology. Marine echo-sounding equipment Published By Publication Date Number of Pages BSIā¦
-
BSI 24/30451370 DC:2024 Edition
BS EN ISO/IEC 7816-3:2006/Amd 1 Identification cards ā Integrated circuit cards – Part 3: Cardsā¦
-
BS EN ISO 10535:2021:2023 Edition
Assistive products. Hoists for the transfer of persons. Requirements and test methods Published By Publicationā¦
-
BSI 23/30464970 DC 2023
BS EN ISO/IEC 27013:2021/Amd 1 Information security, cybersecurity and privacy protection. Guidance on the integratedā¦
-
BS EN ISO/IEC 27000:2017
Information technology. Security techniques. Information security management systems. Overview and vocabulary Published By Publication Dateā¦
-
BS EN ISO/IEC 19790:2020
Information technology. Security techniques. Security requirements for cryptographic modules Published By Publication Date Number ofā¦
-
BSI PD CEN/TR 17868:2022
Intelligent transport systems. EU-ICIP. ITS standards deliverables (2022) Published By Publication Date Number of Pagesā¦
-
BS EN ISO/IEC 27000:2020
Information technology. Security techniques. Information security management systems. Overview and vocabulary Published By Publication Dateā¦
-
BS EN ISO/IEC 27006:2020
Information technology. Security techniques. Requirements for bodies providing audit and certification of information security managementā¦
-
BS EN ISO 11607-2:2017:2018 Edition
Packaging for terminally sterilized medical devices – Validation requirements for forming, sealing and assembly processesā¦
