ISO 27006:2007 specifies the requirements for bodies providing audit and certification services with respect to information security management systems. It was prepared by the ISO technical committee ISO/IEC JTC1 and first published in April of 2007.
Its relationship with ISO 17021, which defines the criteria for those auditing and defining management systems, is defined by the standard itself as follows: "If such bodies are to be accredited as complying with ISO/IEC 17021... in accordance with ISO/IEC 27001, some additional requirements and guidance to ISO/IEC 17021 are necessary. These are provided by this International Standard". The standard (ISO27006) is largely intended to support the accreditation of certification bodies providing ISMS certification.
The Table of Contents of ISO27006
This standard is available from a range of sources, a number of which are identified by the .