
ISO/IEC 27006

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by DAJF (talk | contribs) at 09:01, 17 October 2015 (copy-edit (entitled -> titled)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

ISO/IEC 27006, part of a growing family of ISO/IEC Information Security Management System (ISMS) standards, the 'ISO/IEC 27000 series', is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is titled Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems.

ISO/IEC 27006 lays out formal requirements for the accredited certification bodies that audit other organizations' information security management systems and certify them as conforming to ISO/IEC 27001.

It effectively replaces EA 7/03 (Guidelines for the Accreditation of Bodies Operating Certification/Registration of Information Security Management Systems).

The standard helps ensure that ISO/IEC 27001 certificates issued by accredited certification bodies are meaningful and trustworthy; in other words, it is a matter of assurance.
