

Saturday, September 1, 2007

ISO/IEC 27006

From Wikipedia, the free encyclopedia


ISO/IEC 27006 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled IT Security techniques: Requirements for bodies providing audit and certification of Information Security Management Systems (ISMS).

ISO/IEC 27006 offers guidelines for the accreditation of organizations that offer certification and registration with respect to an ISMS. ISO/IEC 27006 effectively replaces EA 7/03 (Guidelines for the Accreditation of bodies operating certification/registration of Information Security Management Systems).

Outline of the Standard

The standard contains the following ten sections:

  • 1: Scope;
  • 2: References;
  • 3: Terms;
  • 4: Principles;
  • 5: General Requirements;
  • 6: Structural Requirements;
  • 7: Resource Requirements;
  • 8: Information Requirements;
  • 9: Precise Requirements;
  • 10: Management System Requirements.
