ISO 27006 or ISO27006

ISO 27006 - Requirements for Bodies Providing Audit and Certification of an ISMS

ISO 27006:2007 specifies the requirements for bodies providing audit and certification services with respect to information security management systems. It was prepared by the ISO technical committee ISO/IEC JTC1 and first published in April of 2007.

Its relationship with ISO 17021, which defines the criteria for those auditing and defining management systems, is described by the standard itself as follows: "If such bodies are to be accredited as complying with ISO/IEC 17021... in accordance with ISO/IEC 27001, some additional requirements and guidance to ISO/IEC 17021 are necessary. These are provided by this International Standard". The standard (ISO27006) is largely intended to support the accreditation of certification bodies providing ISMS certification.

The Table of Contents of ISO27006

[Image: ISO27006:2007 table of contents]

This standard is available from a range of sources, a number of which are identified by the Standards.Bz Portal.



This portal has been online since 1996, covering technology and IT throughout. It has evolved steadily, a process which continues today.

ISO 27006 Future
The ISO27006 standard is published. It is unlikely to be revised or significantly updated in the short term.

The PDF version of the standard can be obtained through various channels.

Related Information
The SCC maintains a library of accreditation programs for management systems certification bodies.