What is ISO/IEC 27006-1?
ISO/IEC 27006-1 specifies the additional requirements for bodies that audit and certify information security management systems (ISMS) in accordance with ISO/IEC 27001. It complements ISO/IEC 17021-1 by tailoring the rules to the specific context of ISMS certification, ensuring that certifications are issued competently, consistently and impartially.
Why is ISO/IEC 27006-1 important?
Trust in an organisation’s information security often hinges on third-party certification to ISO/IEC 27001. But to trust the certificate, one must trust the certifier. ISO/IEC 27006-1 ensures that certification bodies auditing ISMS operate with a high standard of competence and impartiality. It safeguards the credibility of ISMS certifications, facilitates international recognition, and ensures the same high standards are applied consistently across the globe.
Benefits
- Increases trust in ISMS certifications
- Ensures consistent and impartial audit practices
- Supports international recognition of certification bodies
- Provides clarity for accreditation and peer reviews
- Enhances competence in the certification of information security
FAQ
Certification bodies that audit and certify ISMS according to ISO/IEC 27001, and accreditation bodies that assess them.
It builds on ISO/IEC 17021-1 by adding specific requirements and guidance for ISMS certification, ensuring relevance and rigour.
Because it ensures that the certifiers they work with are operating to high standards, providing assurance that the certification is credible and widely accepted.
General information
- Status: Published
- Publication date: 2024-03
- Stage: International Standard published [60.60]
- Edition: 1
- Number of pages: 47
- Technical Committee: ISO/IEC JTC 1/SC 27
Life cycle
- Previously
  - Withdrawn: ISO/IEC 27006:2015
  - Withdrawn: ISO/IEC 27006:2015/Amd 1:2020
- Now