ISO 27006 for ISMS Certification Bodies

The new standard, ISO 27006:2007, is titled "Information Technology – Security Techniques – Requirements for Bodies providing Audit and Certification of Information Security Management Systems".

ISO 27006 specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS) beyond the requirements within ISO 17021 and ISO 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification.

The requirements in ISO 27006 need to be demonstrated in terms of competence and reliability by any organization providing ISMS certification. The guidance in ISO 27006 provides additional interpretation of these requirements for ISMS certification bodies.

You can order ISO 27006:2007 at the ANSI e-Standards Store.