The Business Standards Encyclopedia: ISO 27006

ISO 27006

ISO 27006 was published in April 2007. It was the second in the ISO 27000 series of standards to appear, following ISO 27001, which was published in 2005.

ISO 27006 Contents

The full title of this standard is: "Information technology. Security techniques. Requirements for bodies providing audit and certification of information security management systems". It contains the following sections:

General Requirements
Structural Requirements
Resource Requirements
Information Requirements
Process Requirements
Management Systems Requirements for Certification Bodies
Annex A: Analysis of a client organization's complexity and sector-specific aspects
Annex B: Example areas of Auditor competence
Annex C: Audit time
Annex D: Guidance for review of implemented ISO/IEC 27001:2005 Annex A controls

Related Standards

ISO 27006 is most closely related to ISO 27001, which is the specification for an ISMS (Information Security Management System), as this is the information security standard against which certification is available. It is also closely aligned with ISO 17021, which is titled: "Conformity Assessment. Requirements for bodies providing audit and certification of management systems".

Internet Sources
British Standards Institute

BSI was the first to offer direct download of the PDF. It can be downloaded online from the Standards Direct Store.

2007 (c) All rights reserved.