The Business Standards Encyclopedia: ISO 27006

ISO 27006

ISO 27006 was published in April 2007. It was the second in the ISO 27000 series of standards to appear, following ISO 27001, which was published in 2005.

ISO 27006 Contents

The full title of this standard is: "Information technology. Security techniques. Requirements for bodies providing audit and certification of information security management systems". It contains the following sections:

Foreword
Introduction
Scope
References
Definitions
Principles
General Requirements
Structural Requirements
Resource Requirements
Information Requirements
Process Requirements
Management Systems Requirements for Certification Bodies
Annex A: Analysis of a client organization's complexity and sector-specific aspects
Annex B: Example areas of Auditor competence
Annex C: Audit time
Annex D: Guidance for review of implemented ISO/IEC 27001:2005 Annex A controls

Related Standards

ISO 27006 is most closely related to ISO 27001, which is the specification for an ISMS (Information Security Management System), as this is the information security standard against which certification is available. It is also closely aligned with ISO 17021, which is titled: "Conformity Assessment. Requirements for bodies providing audit and certification of management systems".

Internet Sources
BSI (British Standards Institute)

BSI were the first to offer direct download of the PDF. It can be downloaded online from the Standards Direct Store.
2007 (c) All rights reserved.
Standards.BZ