
BSI PD ISO/IEC TS 27006-2:2021

$102.76

Requirements for bodies providing audit and certification of information security management systems – Privacy information management systems

Published By: BSI
Publication Date: 2021
Number of Pages: 18

This document specifies requirements and provides guidance for bodies providing audit and certification of a privacy information management system (PIMS) according to ISO/IEC 27701 in combination with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 27006 and ISO/IEC 27701. It is primarily intended to support the accreditation of certification bodies providing PIMS certification.

The requirements contained in this document need to be demonstrated in terms of competence and reliability by any body providing PIMS certification, and the guidance contained in this document provides additional interpretation of these requirements for any body providing PIMS certification.

NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.

PDF Catalog

PDF Pages  PDF Title
2          National foreword
7          Foreword
8          Introduction
9          1 Scope
           2 Normative references
           3 Terms and definitions
10         4 Principles
           5 General requirements
           5.1 Legal and contractual matters
           5.2 Management of impartiality
           5.3 Liability and financing
           6 Structural requirements
           7 Resource requirements
           7.1 Competence of personnel
           7.1.1 PS 7.1.1 General considerations
           7.1.2 PS 7.1.2 Determination of competence criteria
11         7.2 Personnel involved in the certification activities
12         7.2.1 PS 7.2 Demonstration of auditor knowledge and experience
           7.2.2 PS 7.2.1.1 Selecting auditors
           7.3 Use of individual external auditors and external technical experts
           7.4 Personnel records
           7.5 Outsourcing
           8 Information requirements
           8.1 Public information
           8.2 Certification documents
           8.2.1 PS 8.2 PIMS Certification documents
13         8.3 Reference to certification and use of marks
           8.4 Confidentiality
           8.5 Information exchange between a certification body and its clients
           9 Process requirements
           9.1 Pre-certification activities
           9.1.1 Application
           9.1.2 Application review
           9.1.3 Audit programme
14         9.1.4 Determining audit time
15         9.1.5 Multi-site sampling
           9.1.6 Multiple management systems
           9.2 Planning audits
           9.2.1 Determining audit objectives, scope and criteria
           9.2.2 Audit team selection and assignments
           9.2.3 Audit plan
           9.3 Initial certification
           9.4 Conducting audits
           9.4.1 IS 9.4 General
           9.4.2 IS 9.4 Specific elements of the ISMS audit
           9.4.3 IS 9.4 Audit report
           9.5 Certification decision
16         9.6 Maintaining certification
           9.6.1 General
           9.6.2 Surveillance activities
           9.6.3 Re-certification
           9.6.4 Special audits
           9.6.5 Suspending, withdrawing or reducing the scope of certification
           9.7 Appeals
           9.8 Complaints
           9.9 Client records
           10 Management system requirements for certification bodies
           10.1 Options
           10.2 Option A: General management system requirements
17         10.3 Option B: Management system requirements in accordance with ISO 9001