ISO/IEC 27006-1:2024
(Main)Information security, cybersecurity and privacy protection — Requirements for bodies providing audit and certification of information security management systems — Part 1: General
Information security, cybersecurity and privacy protection — Requirements for bodies providing audit and certification of information security management systems — Part 1: General
This document specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021-1. The requirements contained in this document are demonstrated in terms of competence and reliability by bodies providing ISMS certification. The guidance contained in this document provides additional interpretation of these requirements for bodies providing ISMS certification. NOTE This document can be used as a criteria document for accreditation, peer assessment or other audit processes.
Sécurité de l'information, cybersécurité et protection de la vie privée — Exigences pour les organismes procédant à l'audit et à la certification des systèmes de management de la sécurité de l'information — Partie 1: Généralités
Le présent document spécifie les exigences et fournit des recommandations pour les organismes procédant à l'audit et à la certification d'un système de management de la sécurité de l'information (SMSI), en plus des exigences contenues dans l'ISO/IEC 17021‑1. Les organismes qui procèdent à la certification de systèmes ISMS démontrent qu'ils respectent les exigences de compétence et de fiabilité présentées dans le présent document. Les recommandations contenues dans le présent document fournissent une interprétation supplémentaire de ces exigences pour les organismes procédant à la certification de systèmes ISMS. NOTE Le présent document peut être utilisé comme référentiel pour l'accréditation, l'évaluation par des pairs ou d'autres processus d'audit.
General Information
Relations
Buy Standard
Standards Content (Sample)
International
Standard
ISO/IEC 27006-1
First edition
Information security, cybersecurity
2024-03
and privacy protection —
Requirements for bodies
providing audit and certification of
information security management
systems —
Part 1:
General
Sécurité de l'information, cybersécurité et protection de la vie
privée — Exigences pour les organismes procédant à l'audit et
à la certification des systèmes de management de la sécurité de
l'information —
Partie 1: Généralités
Reference number
ISO/IEC 27006-1:2024(en) © ISO/IEC 2024
---------------------- Page: 1 ----------------------
ISO/IEC 27006-1:2024(en)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
---------------------- Page: 2 ----------------------
ISO/IEC 27006-1:2024(en)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 4
5 General requirements . 5
5.1 L egal and contractual matters .5
5.2 Management of impartiality .5
5.2.1 General .5
5.2.2 Conflicts of interest.5
5.3 Liability and financing .5
6 Structural requirements . 5
7 Resource requirements . 5
7.1 Competence of personnel .5
7.1.1 General .5
7.1.2 Generic competence requirements .
...
Norme
internationale
ISO/IEC 27006-1
Première édition
Sécurité de l'information,
2024-03
cybersécurité et protection de la
vie privée — Exigences pour les
organismes procédant à l'audit
et à la certification des systèmes
de management de la sécurité de
l'information —
Partie 1:
Généralités
Information security, cybersecurity and privacy protection —
Requirements for bodies providing audit and certification of
information security management systems —
Part 1: General
Numéro de référence
ISO/IEC 27006-1:2024(fr) © ISO/IEC 2024
---------------------- Page: 1 ----------------------
ISO/IEC 27006-1:2024(fr)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO/IEC 2024
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
© ISO/IEC 2024 – Tous droits réservés
ii
---------------------- Page: 2 ----------------------
ISO/IEC 27006-1:2024(fr)
Sommaire Page
Avant-propos .v
Introduction .vii
1 Domaine d'application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Principes . 5
5 Exigences générales . . 5
5.1 Domaine juridique et contractuel .5
5.2 Gestion de l'impartialité .5
5.2.1 Généralités .5
5.2.2 Conflits d'intérêts .5
5.3 Responsabilité et situation financière .5
6 Exigences structurelles . 5
7 Exigences relatives aux ressources . 5
7.1 Compétence du personnel .5
7.1.1 Généralités .5
7.1.2 Exigences génériques en matière de compétence .
...
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
27006-1
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection —
Voting begins on:
2023-11-02 Requirements for bodies providing
audit and certification of information
Voting terminates on:
2023-12-28
security management systems —
Part 1:
General
ISO/CEN PARALLEL PROCESSING
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 27006-1:2023(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO/IEC 2023
---------------------- Page: 1 ----------------------
ISO/IEC FDIS 27006-1:2023(E)
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
27006-1
ISO/IEC JTC 1/SC 27
Information security, cybersecurity
Secretariat: DIN
and privacy protection —
Voting begins on:
Requirements for bodies providing
audit and certification of information
Voting terminates on:
security management systems —
Part 1:
General
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
ISO/CEN PARALLEL PROCESSING
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO
ISO/IEC FDIS 270061:2023(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
© ISO/IEC 2023 – All rights reserved
NATIONAL REGULATIONS. © ISO/IEC 2023
---------------------- Page: 2 ----------------------
ISO/IEC FDIS 27006-1:2023(E)
Contents Page
Foreword .v
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 4
5 General requirements . 5
5.1 L egal and contractual matters . 5
5.2 Management of impartiality . 5
5.2.1 General . 5
5.2.2 Conflicts of interest.
...
Style Definition: Heading 1: Indent: Left: 0 cm, First line: 0
Date: ISO/IEC FDIS 27006-1:2023-08-08(E)
cm, Tab stops: Not at 0.76 cm
Style Definition: Heading 2: Font: Bold, Tab stops: Not at
ISO/IEC JTC 1/SC 27
0.63 cm
Style Definition: Heading 3: Font: Bold
Date: 2023-08-09
Style Definition: Heading 4: Font: Bold
ISO/IEC DIS 27006-1.2:2023(E)
Style Definition: Heading 5: Font: Bold
Style Definition: Heading 6: Font: Bold
ISO/IEC JTC 1/SC 27/WG 1
Style Definition: ANNEX
Style Definition: AMEND Terms Heading: Font: Bold
Secretariat: DIN
Style Definition: AMEND Heading 1 Unnumbered: Font: Bold
Date: 2023-10-18
Formatted: Left: 1.5 cm, Top: 1.4 cm, Footer distance from
edge: 0.5 cm
Information security, cybersecurity and privacy protection — Requirements for bodies
Formatted: English (United Kingdom)
providing audit and certification of information security management systems — Part 1:
Formatted: English (United Kingdom)
General
Formatted: Don't adjust space between Latin and Asian text,
Don't adjust space between Asian text and numbers
Exigences pour les organismes procédant à l'audit et à la certification des systèmes de
management de la sécurité de l'information — Partie 1 : Généralités
---------------------- Page: 1 ----------------------
ISO/IEC DIS FDIS 27006-1:2023(E)
Formatted: Font: 11.5 pt
Formatted: Font: 11.5 pt
© ISO/IEC 2023 Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
All rights reserved. Unless otherwise specified, or required in the context of its implementation, Formatted: Default Paragraph Font
no part of this publication may be reproduced or utilized otherwise in any form or by any means,
Formatted: Default Paragraph Font
electronic or mechanical, including photocopying, or posting on the internet or an intranet,
without prior written permission. Permission can be requested from either ISO at the address
below or ISO’sISO's member body in the country of the requester.
ISO copyright officeCopyright Office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Phone: + 41 22 749 01 11
Email: copyright@iso.org
Email: copyright@iso.org
Website: www.iso.orgwww.iso.org Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Published in Switzerland.
Formatted: English (United Kingdom)
Formatted: Font: 9 pt
Formatted: Left, Space Before: 18 pt, Line spacing: Exactly
12 pt
Formatted: English (United Kingdom)
Formatted: Font: 9 pt
Formatted: Font: 9 pt
Formatted: Font: 9 pt
Formatted: Font: 11 pt
Formatted: Space Before: 18 pt, Line spacing: Exactly 12 pt
ii © ISO/IEC 2023 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC DIS FDIS 27006-1:2023(E)
Formatted: Font: 11.5 pt
Formatted: Font: 11.5 pt
Formatted: Font: Not Bold
Contents Page
Foreword . 6
Introduction . 8
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 5
5 General requirements . 5
5.1 Legal and contractual matters . 5
5.2 Management of impartiality . 5
5.2.1 General . 5
5.2.2 Conflicts of interest . 5
5.3 Liability and financing . 5
6 Structural req
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.