ISO/IEC 27006
From Wikipedia, the free encyclopedia
ISO/IEC 27006, part of a growing family of ISO/IEC ISMS standards known as the 'ISO/IEC 27000 series', is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled IT Security techniques: Requirements for bodies providing audit and certification of Information Security Management Systems (ISMS).
ISO/IEC 27006 offers guidelines for the accreditation of organizations which offer certification and registration with respect to an ISMS. ISO/IEC 27006 effectively replaces EA 7/03 (Guidelines for the Accreditation of bodies operating certification/registration of Information Security Management Systems).
Outline of the Standard
The standard contains the following ten sections:
- 1: Scope;
- 2: References;
- 3: Terms;
- 4: Principles;
- 5: General Requirements;
- 6: Structural Requirements;
- 7: Resource Requirements;
- 8: Information Requirements;
- 9: Precise Requirements;
- 10: Management System Requirements.