ISO/IEC 27006:2015
Superseded
Superseded
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
View Superseded by
superseded
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
Amended by
Available format(s)
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
Superseded date
01-03-2024
Language(s)
French, English
Published date
30-09-2015
ISO/IEC 27006:2015 specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021‑1 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification.
The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS certification.
NOTE This International Standard can be used as a criteria document for accreditation, peer assessment or other audit processes.
| Committee |
ISO/IEC JTC 1/SC 27
|
| DevelopmentNote |
NEW CHILD AMD 1 2020 IS NOW ADDED.
|
| DocumentType |
Standard
|
| Pages |
39
|
| ProductNote |
NEW CHILD AMD 1 2020 IS NOW ADDED.
|
| PublisherName |
International Organization for Standardization
|
| Status |
Superseded
|
| SupersededBy | |
| Supersedes | |
| UnderRevision |
| Standards | Relationship |
| CEI UNI EN ISO/IEC 27006:2021 | Identical |
| UNI CEI EN ISO/IEC 27006:2021 | Identical |
| PN-EN ISO/IEC 27006:2021-05 | Identical |
| EN ISO/IEC 27006:2020 | Identical |
| EN ISO/IEC 27006:2020 | Identical |
| JIS Q 27006:2018 | Identical |
| NS ISO/IEC 27006 : 2015 | Identical |
| CAN/CSA-ISO/IEC 27006:16 | Identical |
| NEN ISO/IEC 27006 : 2015 | Identical |
| BS ISO/IEC 27006:2015 | Identical |
| PN ISO/IEC 27006 : 2016 | Identical |
| SANS 27006:2018 | Identical |
| DS/ISO/IEC 27006:2015 | Identical |
| DS/EN ISO/IEC 27006:2020 | Identical |
| DS ISO/IEC 27006 : 2011 | Identical |
| GOST R ISO/IEC 27006 : 2008 | Identical |
| NBN ISO/IEC 27006 : 2014 | Identical |
| BIS IS/ISO/IEC 27006 : 2007 | Identical |
| UNE-EN ISO/IEC 27006:2020 | Identical |
| SANS 27006 : 2ED 2013 | Identical |
| 12/30236518 DC : 0 | BS ISO/IEC 27000 - INFORMATION SECURITY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| PD ISO/TR 12859:2009 | Intelligent transport systems. System architecture. Privacy aspects in ITS standards and systems |
| 15/30319488 DC : 0 | BS ISO/IEC 27000 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| 13/30278879 DC : 0 | BS ISO/IEC DTS 17023 - CONFORMITY ASSESSMENT - GUIDELINES FOR DETERMINING DURATION OF MANAGEMENT SYSTEM CERTIFICATION AUDITS |
| CSA TELECOM ORGANIZATIONS PACKAGE : 2018 | CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR |
| PD ISO/TR 18638:2017 | Health informatics. Guidance on health information privacy education in healthcare organizations |
| S.R. CEN ISO/TS 14441:2013 | HEALTH INFORMATICS - SECURITY AND PRIVACY REQUIREMENTS OF EHR SYSTEMS FOR USE IN CONFORMITY ASSESSMENT (ISO/TS 14441:2013) |
| CSA ISO/IEC TR 27008 : 2013 : R2017 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR AUDITORS ON INFORMATION SECURITY CONTROLS |
| ISO/TR 12859:2009 | Intelligent transport systems System architecture Privacy aspects in ITS standards and systems |
| S.R. CEN/TR 16742:2014 | INTELLIGENT TRANSPORT SYSTEMS - PRIVACY ASPECTS IN ITS STANDARDS AND SYSTEMS IN EUROPE |
| PD ISO/IEC/TR 15026-1:2010 | Systems and software engineering. Systems and software assurance Concepts and vocabulary |
| ISO/IEC TS 17022:2012 | Conformity assessment Requirements and recommendations for content of a third-party audit report on management systems |
| BS EN ISO/IEC 27000:2017 | Information technology. Security techniques. Information security management systems. Overview and vocabulary |
| ISO/IEC 27000:2018 | Information technology — Security techniques — Information security management systems — Overview and vocabulary |
| ISO/TR 14639-2:2014 | Health informatics Capacity-based eHealth architecture roadmap Part 2: Architectural components and maturity model |
| INCITS/ISO/IEC 27013 : 2014 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDANCE ON THE INTEGRATED IMPLEMENTATION OF ISO/IEC 27001 AND ISO/IEC 20000-1 |
| 15/30299325 DC : 0 | BS ISO/IEC 27013 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDANCE ON THE INTEGRATED IMPLEMENTATION OF ISO/IEC 27001 AND ISO/IEC 20000-1 |
| 14/30295030 DC : 0 | BS ISO/IEC 17021-1 - CONFORMITY ASSESSMENT - REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF MANAGEMENT SYSTEMS - PART 1: REQUIREMENTS |
| BS EN ISO/IEC 17021:2011 | Conformity assessment. Requirements for bodies providing audit and certification of management systems |
| DIN ISO/IEC 27000:2015-12 (Draft) | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| PD ISO/IEC TR 27008:2011 | Information technology. Security techniques. Guidelines for auditors on information security controls |
| 11/30204593 DC : DRAFT MAY 2011 | BS ISO/IEC 27010 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT FOR INTER-SECTOR AND INTER-ORGANIZATIONAL COMMUNICATIONS |
| 08/30133461 DC : 0 | ISO/IEC 27003 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION GUIDANCE |
| CAN/CSA-ISO/IEC 27013:16 | Information technology - Security techniques - Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (Adopted ISO/IEC 27013:2015, second edition, 2015-12-01) |
| TR 101 533-2 : 1.3.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); DATA PRESERVATION SYSTEMS SECURITY; PART 2: GUIDELINES FOR ASSESSORS |
| 14/30231508 DC : 0 | BS ISO 13065 - SUSTAINABILITY CRITERIA FOR BIOENERGY |
| BS ISO/IEC 27000 : 2016 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| ISO/IEC TR 27008:2011 | Information technology Security techniques Guidelines for auditors on information security controls |
| 13/30284691 DC : 0 | BS ISO/IEC 27000 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| UNI CEI EN ISO/IEC 17021 : 2011 | CONFORMITY ASSESSMENT - REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF MANAGEMENT SYSTEMS |
| CSA ISO/IEC TR 27008: 2013 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR AUDITORS ON INFORMATION SECURITY CONTROLS |
| TS 119 403 : 2.2.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); TRUST SERVICE PROVIDER CONFORMITY ASSESSMENT - REQUIREMENTS FOR CONFORMITY ASSESSMENT BODIES ASSESSING TRUST SERVICE PROVIDERS |
| ISO/IEC 27007:2017 | Information technology Security techniques Guidelines for information security management systems auditing |
| ISO/IEC 20000-6:2017 | Information technology — Service management — Part 6: Requirements for bodies providing audit and certification of service management systems |
| ISO/IEC TR 27016:2014 | Information technology Security techniques Information security management Organizational economics |
| UNI CEN ISO/TS 14441 : 2014 | HEALTH INFORMATICS - SECURITY AND PRIVACY REQUIREMENTS OF HER SYSTEMS FOR USE IN CONFORMITY ASSESSMENT |
| CSA ISO/IEC TR 15026-1 : 2013 | SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY |
| CSA ISO/IEC 15026-1 : 2015 | SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY |
| ISO/IEC 27013:2015 | Information technology Security techniques Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 |
| CSA ISO/IEC 27007 : 2013 : R2017 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR INFORMATION SECURITY MANAGEMENT SYSTEMS AUDITING |
| 17/30342692 DC : 0 | BS ISO/IEC 27007 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR INFORMATION SECURITY MANAGEMENT SYSTEMS AUDITING |
| BIP 0139 : 2013 | AN INTRODUCTION TO ISO/IEC 27001:2013 |
| BS ISO/IEC 20000-6:2017 | Information technology. Service management Requirements for bodies providing audit and certification of service management systems |
| CSA ISO/IEC 27003 : 2010 : R2015 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION GUIDANCE |
| ISO/IEC 15026-1:2013 | Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary |
| I.S. EN ISO/IEC 27000:2017 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY (ISO/IEC 27000:2016) |
| UNE-EN ISO/IEC 17021:2011 | Conformity assessment - Requirements for bodies providing audit and certification of management systems (ISO/IEC 17021:2011) |
| EN ISO/IEC 17021-1:2015 | Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements (ISO/IEC 17021-1:2015) |
| 10/30162769 DC : DRAFT NOV 2010 | BS ISO/IEC 27007 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR INFORMATION SECURITY MANAGEMENT SYSTEMS AUDITING |
| CAN/CSA-ISO/IEC 27010:16 | Information technology - Security techniques - Information security management for inter-sector and inter-organizational communications (Adopted ISO/IEC 27010:2015, second edition, 2015-11-15) |
| INCITS/ISO/IEC 27010 : 2017 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT FOR INTER-SECTOR AND INTER-ORGANIZATIONAL COMMUNICATIONS |
| CSA INFORMATION SECURITY PACKAGE : 2018 | CONSISTS OF CAN/CSA-ISO/IEC 27000:18 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY; CAN/CSA-ISO/IEC 27001:14, INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS; CAN/CSA-ISO/IEC 27002:15 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION |
| BS ISO/IEC 15026-1:2013 | Systems and software engineering. Systems and software assurance Concepts and vocabulary |
| BIP 0071 : 2014 | GUIDELINES ON REQUIREMENTS AND PREPARATION FOR ISMS CERTIFICATION BASED ON ISO/IEC 27001 |
| BS ISO/IEC 27007:2017 | Information technology. Security techniques. Guidelines for information security management systems auditing |
| BS ISO/IEC 27010:2015 | Information technology. Security techniques. Information security management for inter-sector and inter-organizational communications |
| UNE-EN ISO/IEC 17021-1:2015 | Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 1: Requirements (ISO/IEC 17021-1:2015) |
| 13/30268559 DC : 0 | BS ISO/IEC 15026-1 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY |
| PD CEN/TR 16742:2014 | Intelligent transport systems. Privacy aspects in ITS standards and systems in Europe |
| BS EN ISO/IEC 17021-1:2015 | Conformity assessment. Requirements for bodies providing audit and certification of management systems Requirements |
| CAN/CSA-ISO/IEC 30100-2:18 | Information technology — Home network resource management — Part 2: Architecture (Adopted ISO/IEC 30100-2:2016, first edition, 2016-04) |
| PD ISO/IEC TS 17023:2013 | Conformity assessment. Guidelines for determining the duration of management system certification audits |
| 15/30320354 DC : 0 | BS ISO/IEC 27010 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT FOR INTER-SECTOR AND INTER-ORGANIZATIONAL COMMUNICATIONS |
| I.S. EN ISO/IEC 17021-1:2015 | CONFORMITY ASSESSMENT - REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF MANAGEMENT SYSTEMS - PART 1: REQUIREMENTS (ISO/IEC 17021-1:2015) |
| CSA ISO/IEC 27003 : 2010 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION GUIDANCE |
| UNE-ISO/IEC 27000:2014 | Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary |
| SR 003 391 : 2.1.1 | CLOUD STANDARDS COORDINATION PHASE 2; INTEROPERABILITY AND SECURITY IN CLOUD COMPUTING |
| GS ISI 001-2 : 1.1.2 | INFORMATION SECURITY INDICATORS (ISI); INDICATORS (INC); PART 2: GUIDE TO SELECT OPERATIONAL INDICATORS BASED ON THE FULL SET GIVEN IN PART 1 |
| IWA 13:2014 | Multiple resource evaluation guideline |
| ISO/IEC 30100-2:2016 | Information technology Home network resource management Part 2: Architecture |
| ISO/IEC TR 15026-1:2010 | Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary |
| ISO/IEC 27010:2015 | Information technology Security techniques Information security management for inter-sector and inter-organizational communications |
| ISO/TS 14441:2013 | Health informatics — Security and privacy requirements of EHR systems for use in conformity assessment |
| ISO/IEC 17021:2011 | Conformity assessment Requirements for bodies providing audit and certification of management systems |
| EN ISO/IEC 27000:2017 | Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2016) |
| ISO/IEC 17021-1:2015 | Conformity assessment Requirements for bodies providing audit and certification of management systems Part 1: Requirements |
| EN ISO/IEC 17021:2011 | Conformity assessment - Requirements for bodies providing audit and certification of management systems (ISO/IEC 17021:2011) |
| UNE-ISO/IEC TS 17023:2014 | Conformity assessment -- Guidelines for determining the duration of management system certification audits |
| CSA ISO/IEC 27007 : 2013 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR INFORMATION SECURITY MANAGEMENT SYSTEMS AUDITING |
| CSA ISO/IEC 27000 : 2018 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - OVERVIEW AND VOCABULARY |
| GS ISI 001-1 : 1.1.2 | INFORMATION SECURITY INDICATORS (ISI); INDICATORS (INC); PART 1: A FULL SET OF OPERATIONAL INDICATORS FOR ORGANIZATIONS TO USE TO BENCHMARK THEIR SECURITY POSTURE |
| 08/30146238 DC : DRAFT JUNE 2008 | BS ISO/IEC 27000 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEM - OVERVIEW AND VOCABULARY |
| PD ISO/TR 14639-2:2014 | Health informatics. Capacity-based eHealth architecture roadmap Architectural components and maturity model |
| PD CEN ISO/TS 14441:2013 | Health informatics. Security and privacy requirements of EHR systems for use in conformity assessment |
| 11/30207802 DC : 0 | BS ISO/IEC 27013 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES ON THE INTEGRATED IMPLEMENTATION OF ISO/IEC 27001 AND ISO/IEC 20000-1 |
| BS ISO/IEC 27013:2015 | Information technology. Security techniques. Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 |
| PD ISO/IEC TR 27016:2014 | Information technology. Security techniques. Information security management. Organizational economics |
| UNI/TR 11465-2 : 2012 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI) - DATA PRESERVATION SYSTEMS SECURITY - PART 2: GUIDELINES FOR ASSESSORS |
| UNI CEI ISO/IEC TS 17022 : 2013 | CONFORMITY ASSESSMENT - REQUIREMENTS AND RECOMMENDATIONS FOR CONTENT OF A THIRD-PARTY AUDIT REPORT ON MANAGEMENT SYSTEMS |
| IEEE/ISO/IEC 15026-1-2014 | IEEE Standard Adoption of ISO/IEC 15026-1--Systems and Software Engineering--Systems and Software Assurance--Part 1: Concepts and Vocabulary |
| ISO/TR 18638:2017 | Health informatics Guidance on health information privacy education in healthcare organizations |
| I.S. EN ISO/IEC 17021:2011 | CONFORMITY ASSESSMENT - REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF MANAGEMENT SYSTEMS |
| CEN/TR 16742 : 2014 | INTELLIGENT TRANSPORT SYSTEMS - PRIVACY ASPECTS IN ITS STANDARDS AND SYSTEMS IN EUROPE |
| ISO 19011:2011 | Guidelines for auditing management systems |
| AS/NZS ISO/IEC 20000.6:2019 | Information technology - Service management Requirements for bodies providing audit and certification of service management systems |
| ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
| ISO 9001:2015 | Quality management systems — Requirements |
| ISO/IEC 27007:2017 | Information technology Security techniques Guidelines for information security management systems auditing |
| ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
| ISO/IEC 17021-1:2015 | Conformity assessment Requirements for bodies providing audit and certification of management systems Part 1: Requirements |
£58.00
Excluding VAT
GBP
CAD
CHF
CNY
DKK
EUR
GBP
HKD
IDR
INR
JPY
KRW
MXN
NOK
NZD
SEK
SGD
USD
ZAR
Hardcopy - French
PDF - French
PDF 3 Users - French
PDF 5 Users - French
PDF 9 Users - French
Hardcopy - Arabic
PDF - Arabic
PDF 3 Users - Arabic
PDF 5 Users - Arabic
PDF 9 Users - Arabic
Hardcopy - English
PDF - English
PDF 3 Users - English
PDF 5 Users - English
PDF 9 Users - English
Hardcopy - French
PDF - French
PDF 3 Users - French
PDF 5 Users - French
PDF 9 Users - French
Hardcopy - Arabic
PDF - Arabic
PDF 3 Users - Arabic
PDF 5 Users - Arabic
PDF 9 Users - Arabic
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
Please Login or Create an Account so you can add users to your Multi user PDF Later.
Important note : All end users must be registered with an Account prior to user licenses being assigned.
Users cannot be edited or removed once added to your Multi user PDF.
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.