ISO/IEC 27006

From Wikipedia, the free encyclopedia

ISO/IEC 27006 is an information security standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It belongs to the growing family of ISO/IEC Information Security Management System (ISMS) standards known as the ISO/IEC 27000 series. Its full title is Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems.

ISO/IEC 27006 lays out the formal requirements that accredited certification bodies must meet in order to audit other organizations' ISMSs and certify them as compliant with ISO/IEC 27001.

It effectively replaces EA 7/03 (Guidelines for the Accreditation of Bodies Operating Certification/Registration of Information Security Management Systems).

The standard helps ensure that ISO/IEC 27001 certificates issued by accredited bodies are meaningful and trustworthy; in other words, it is a matter of assurance: the certificate attests that the certified ISMS was audited by a body that itself meets defined requirements for competence, impartiality and process. A practitioner evaluating a supplier's ISO/IEC 27001 certificate should therefore check that the issuing certification body is accredited, since a certificate from an unaccredited body does not carry this assurance.

Outline of the Standard

The standard contains the following ten sections:

  • 1: Scope;
  • 2: Normative references;
  • 3: Terms and definitions;
  • 4: Principles;
  • 5: General requirements;
  • 6: Structural requirements;
  • 7: Resource requirements;
  • 8: Information requirements;
  • 9: Process requirements;
  • 10: Management system requirements for certification bodies.

